
virtumonde/vundo


  • This topic is locked
9 replies to this topic

#1 gorodisch


Posted 04 December 2008 - 09:18 PM

After several years avoiding problems using a firewall/anti-virus software/Spybot/Ad-Aware defence, I have succumbed to what appears to be a combination of attacks.
Since I first became aware of the problem and read up on this and other forums, I have downloaded and run Malwarebytes Anti-Malware, SUPERAntiSpyware, VundoFix and VirtumundoBeGone, ensuring my caches are clean and all old updates of Java have been removed.
Yet still they come...
So here is my HJT log.
I am using Windows XP (it's the Media Center version, if that makes a difference), regularly updated.
Avast anti-virus
A Zonealarm firewall
On startup I get messages like:
"error loading C:\WINDOWS\system32\gapedalu.dll
the specified module could not be found"
One other factor which may not be related is that I've been having difficulties opening Hotmail messages in Firefox (I am currently on a poor internet connection) and have therefore occasionally resorted to using the dreaded Internet Explorer.

After reading this thread http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ I am currently running RSIT.exe, but at the moment it's only downloading at 1.4kbs... so I shall post the HJT log first and add the data from RSIT when I've managed to run it.

I do not have my own broadband connection here at my current place of work; I am paying for a wireless connection from a computer shop, so I have no real way of knowing if the slow download speeds I am experiencing are due to that connection, but it did seem much faster before I started getting pop-ups and trojan alerts...

Thank you for taking the time to read this over; it is much appreciated!

All the best,

Stephen


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:31, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Documents and Settings\stephen\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\zemavuda.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202130379906
O20 - AppInit_DLLs: C:\WINDOWS\system32\marewugo.dll c:\windows\system32\yajosofo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10080 bytes



#2 gorodisch


Posted 04 December 2008 - 11:36 PM

Log file:

Logfile of random's system information tool 1.04 (written by random/random)
Run by stephen at 2008-12-05 04:26:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (25%) free of 234 GB
Total RAM: 1022 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:26:50, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Cakewalk\SONAR 4 Producer Edition\sonarpdr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\stephen\Desktop\RSIT.exe
C:\Documents and Settings\stephen\Desktop\HiJackThis\stephen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\zemavuda.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202130379906
O20 - AppInit_DLLs: C:\WINDOWS\system32\marewugo.dll c:\windows\system32\yajosofo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10192 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c77fe2e-0d8d-48f5-8425-4806a78d6c8a}]
C:\WINDOWS\system32\zemavuda.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-08 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-03-16 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-03-16 127037]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-12-14 495616]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"HUAWEI 3G Data Card MTS"=C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
FireBox Control Panel.lnk - C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Documents and Settings\stephen\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\marewugo.dll c:\windows\system32\yajosofo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\marewugo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe:*:Enabled:ashWebSv"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"="C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe:*:Enabled:aawservice"
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe:*:Enabled:Application Launcher"
"C:\Program Files\OpenOffice.org 2.4\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.4\program\soffice.bin:*:Enabled:soffice"
"C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:QTTask"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa7a99a-0597-11dd-9568-b5ceeff16a68}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9444840c-0e31-11dd-95b3-afb906d3e82d}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94448410-0e31-11dd-95b3-afb906d3e82d}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974008-d336-11dc-9471-8909ccb4253d}]
shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974009-d336-11dc-9471-8909ccb4253d}]
shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca92-d305-11dc-9469-e088c06a38b4}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca95-d305-11dc-9469-e088c06a38b4}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e818-e980-11dc-94e9-b117d3a2fcaf}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e81b-e980-11dc-94e9-b117d3a2fcaf}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb937c7-129b-11dd-95c6-d2adb9d2cef5}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f8-1444-11dd-95d0-8e7a6baa5dc9}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f9-1444-11dd-95d0-8e7a6baa5dc9}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcf5059d-eaa8-11dc-94ec-b5f617b0b85e}]
shell\AutoRun\command - I:\AutoRun.exe


======List of files/folders created in the last 1 months======

2008-12-05 04:26:39 ----D---- C:\rsit
2008-12-04 22:41:18 ----SH---- C:\WINDOWS\system32\pohubeli.dll
2008-12-02 00:37:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-02 00:26:12 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 00:26:12 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 00:26:12 ----A---- C:\WINDOWS\system32\java.exe
2008-12-01 18:19:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 17:14:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-01 03:19:31 ----SH---- C:\WINDOWS\system32\abomivat.ini
2008-12-01 01:59:39 ----D---- C:\Documents and Settings\stephen\Application Data\Malwarebytes
2008-12-01 01:59:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-01 01:59:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-01 01:55:20 ----D---- C:\Program Files\CCleaner
2008-12-01 01:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-01 01:53:18 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-12-01 01:53:17 ----D---- C:\Program Files\SpywareBlaster
2008-11-30 22:19:37 ----D---- C:\Program Files\AskBarDis
2008-11-30 22:19:09 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-11-30 22:19:07 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-11-30 22:19:07 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-11-30 22:19:04 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-11-30 22:19:03 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-11-30 22:19:02 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-30 22:19:02 ----D---- C:\Program Files\Zone Labs
2008-11-30 22:19:02 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-11-30 22:19:02 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-11-30 22:19:02 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-11-30 22:11:02 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-30 22:11:01 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-11-30 22:11:01 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-30 22:10:58 ----D---- C:\WINDOWS\Internet Logs
2008-11-30 18:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 18:05:49 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-30 18:05:49 ----D---- C:\Documents and Settings\stephen\Application Data\SUPERAntiSpyware.com
2008-11-30 13:48:00 ----D---- C:\VundoFix Backups
2008-11-30 13:48:00 ----A---- C:\VundoFix.txt
2008-11-27 16:16:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-19 10:22:43 ----A---- C:\WINDOWS\system32\stu2.exe
2008-11-17 20:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-17 20:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 14:50:37 ----HD---- C:\Program Files\Zero G Registry
2008-11-17 14:50:37 ----D---- C:\Program Files\Appv4.1
2008-11-17 10:33:37 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-17 10:33:37 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-17 10:33:37 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-16 13:26:55 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-16 13:15:48 ----D---- C:\WINDOWS\Prefetch
2008-11-16 12:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-16 12:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-16 12:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-16 12:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-16 12:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-16 12:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-16 12:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-16 12:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-16 12:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-16 12:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-16 12:45:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-16 12:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-16 12:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-16 12:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-16 12:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-16 12:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-16 12:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-16 12:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-16 12:39:53 ----D---- C:\WINDOWS\system32\scripting
2008-11-16 12:39:52 ----D---- C:\WINDOWS\system32\en
2008-11-16 12:39:52 ----D---- C:\WINDOWS\l2schemas
2008-11-16 12:39:51 ----D---- C:\WINDOWS\system32\bits
2008-11-16 12:37:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-16 12:36:07 ----D---- C:\WINDOWS\network diagnostic
2008-11-16 12:30:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-14 18:50:18 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-14 18:50:16 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-14 18:50:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-14 18:50:13 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-14 18:50:04 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-14 18:50:04 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-14 18:49:55 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-14 18:49:54 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-14 18:49:52 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-14 18:49:52 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-14 18:49:52 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-14 18:49:52 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-14 18:49:52 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-14 18:49:52 ----N---- C:\WINDOWS\slrundll.exe
2008-11-14 18:49:48 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-14 18:49:46 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-14 18:49:44 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-14 18:49:42 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-14 18:49:41 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-14 18:49:40 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-14 18:49:40 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-14 18:49:40 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-14 18:49:38 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-14 18:49:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-14 18:49:33 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-14 18:49:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-14 18:49:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-14 18:49:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-14 18:49:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-14 18:49:24 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-14 18:49:24 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-14 18:49:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-14 18:49:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-14 18:49:08 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-14 18:49:08 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-14 18:49:08 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-14 18:49:08 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-14 18:49:05 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-14 18:48:53 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-14 18:48:52 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-14 18:48:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-14 18:48:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-14 18:48:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-14 18:48:51 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-14 18:48:39 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-14 18:48:38 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-14 18:48:33 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-14 18:48:27 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-14 18:48:20 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-14 18:48:20 ----A---- C:\WINDOWS\003158_.tmp
2008-11-14 18:48:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-14 18:48:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-14 18:48:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-14 18:48:17 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-14 18:48:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-14 18:48:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-14 18:48:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-14 18:48:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-14 18:48:09 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-14 18:48:09 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-14 18:48:09 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-14 18:48:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-14 18:48:08 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-14 18:48:08 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-14 18:48:08 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-14 18:48:06 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-14 18:48:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-14 18:48:05 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-14 18:48:01 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-14 18:47:47 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-14 18:47:47 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-14 18:47:45 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-14 18:47:45 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-14 18:47:44 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-14 18:47:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-14 13:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-14 13:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-14 13:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-14 13:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-14 13:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-14 13:20:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-14 13:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-14 13:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-14 13:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-14 13:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 1 months======

2008-12-05 04:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-05 04:14:06 ----D---- C:\Cakewalk Projects
2008-12-05 02:43:12 ----A---- C:\WINDOWS\coolcust.ini
2008-12-05 02:43:12 ----A---- C:\WINDOWS\cool.ini
2008-12-05 02:25:00 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 01:41:05 ----D---- C:\Documents and Settings\stephen\Application Data\OpenOffice.org2
2008-12-05 01:39:16 ----D---- C:\WINDOWS\Temp
2008-12-05 01:39:03 ----D---- C:\WINDOWS
2008-12-05 01:38:49 ----D---- C:\WINDOWS\Registration
2008-12-05 00:54:10 ----AD---- C:\WINDOWS\system32
2008-12-05 00:37:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 05:15:06 ----ASH---- C:\WINDOWS\system32\tohapuva.dll
2008-12-03 22:33:52 ----ASH---- C:\WINDOWS\system32\duduhahi.dll
2008-12-03 09:57:20 ----A---- C:\WINDOWS\wininit.ini
2008-12-02 19:47:12 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-02 17:47:18 ----ASH---- C:\WINDOWS\system32\muwumadu.dll
2008-12-02 16:31:44 ----RSD---- C:\WINDOWS\assembly
2008-12-02 13:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-02 05:49:59 ----HD---- C:\WINDOWS\inf
2008-12-02 05:48:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 05:45:52 ----SHD---- C:\WINDOWS\Installer
2008-12-02 05:44:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-02 05:44:36 ----D---- C:\WINDOWS\WinSxS
2008-12-02 05:43:37 ----D---- C:\Program Files\Internet Explorer
2008-12-02 05:39:13 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-02 05:10:18 ----RD---- C:\Program Files
2008-12-02 05:10:18 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 04:48:43 ----ASH---- C:\WINDOWS\system32\dolivowa.dll
2008-12-02 00:25:58 ----D---- C:\Program Files\Java
2008-12-01 16:33:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 01:58:10 ----D---- C:\WINDOWS\Debug
2008-12-01 01:58:09 ----D---- C:\WINDOWS\Minidump
2008-11-30 22:47:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-30 18:05:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-26 00:53:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 07:53:02 ----D---- C:\Program Files\Azureus
2008-11-21 07:52:59 ----D---- C:\Documents and Settings\stephen\Application Data\Azureus
2008-11-20 05:23:48 ----D---- C:\WINDOWS\Help
2008-11-19 10:22:41 ----A---- C:\WINDOWS\system32\userinit.exe
2008-11-17 15:38:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 13:14:56 ----D---- C:\Program Files\Messenger
2008-11-16 13:14:55 ----RSD---- C:\WINDOWS\Fonts
2008-11-16 13:14:55 ----D---- C:\WINDOWS\system32\wbem
2008-11-16 13:14:55 ----D---- C:\WINDOWS\system32\Setup
2008-11-16 13:14:55 ----D---- C:\WINDOWS\AppPatch
2008-11-16 12:50:35 ----D---- C:\WINDOWS\security
2008-11-16 12:40:05 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-16 12:40:05 ----D---- C:\WINDOWS\ime
2008-11-16 12:39:54 ----D---- C:\WINDOWS\system32\usmt
2008-11-16 12:39:54 ----D---- C:\WINDOWS\system32\en-US
2008-11-16 12:39:51 ----D---- C:\WINDOWS\PeerNet
2008-11-16 12:39:51 ----D---- C:\Program Files\Movie Maker
2008-11-16 12:37:18 ----D---- C:\WINDOWS\system32\Restore
2008-11-16 12:37:18 ----D---- C:\WINDOWS\system32\npp
2008-11-16 12:37:18 ----D---- C:\WINDOWS\mui
2008-11-16 12:37:17 ----D---- C:\WINDOWS\srchasst
2008-11-16 12:37:17 ----D---- C:\WINDOWS\msagent
2008-11-16 12:37:16 ----D---- C:\Program Files\NetMeeting
2008-11-16 12:37:15 ----D---- C:\WINDOWS\system32\Com
2008-11-16 12:37:14 ----D---- C:\Program Files\Windows NT
2008-11-16 12:37:14 ----D---- C:\Program Files\Outlook Express
2008-11-16 12:37:12 ----D---- C:\Program Files\Common Files\System
2008-11-16 12:37:02 ----D---- C:\WINDOWS\system32\oobe
2008-11-16 12:37:00 ----D---- C:\WINDOWS\system
2008-11-16 12:34:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-16 12:30:49 ----D---- C:\WINDOWS\ehome
2008-11-14 13:23:12 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-08 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-03-16 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-03-16 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-03-16 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-03-16 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-03-16 86684]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-03-16 14877]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-03-16 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-03-16 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-03-16 100605]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 pae_1394;pae_1394; C:\WINDOWS\System32\Drivers\pae_1394.sys [2007-10-09 123440]
R3 pae_avs;pae_avs; C:\WINDOWS\System32\Drivers\pae_avs.sys [2007-10-09 51248]
R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-05 88960]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-27 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]

-----------------EOF-----------------


info file:

info.txt logfile of random's system information tool 1.04 2008-12-05 04:26:56

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Media MP4 Converter-->C:\Program Files\4Media\MP4 Converter 3\Uninstall.exe
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced PDF to IMAGE converter 1.9.9.9-->"C:\Program Files\Advanced PDF to IMAGE converter\unins000.exe"
Allok MPEG4 Converter 4.8.0310-->"C:\Program Files\Allok MPEG4 Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Appv4.1-->"C:\Program Files\Appv4.1\Uninstall_Appv4.1\Uninstall Appv4.1.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{390FF986-468D-4CA9-8830-2C4B313F447F} /l1033
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cain & Abel v4.9.23-->C:\PROGRA~1\Cain\UNINSTAL.EXE C:\PROGRA~1\Cain\Install.log
Cakewalk Pro Audio 9-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cakewalk\Cakewalk Pro Audio 9\CWPA9_Uninst.isu"
Cakewalk VST Adapter 4.4.4.0-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
CommView for WiFi-->C:\PROGRA~1\COMMVI~1\CV.exe /u
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
Cool Edit Pro-->C:\WINDOWS\cep1unin.exe
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\SETUP.EXE" -uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Free PS Convert driver 8.15-->"C:\Program Files\psconvert\unins000.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\stephen\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Melodyne 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.18)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PreSonus 1394 Audio Driver v2.46 (FireBox)-->"C:\Program Files\PreSonus\1394AudioDriver_FireBox\uninst.exe" Software\PreSonus\1394AudioDriver_FireBox\Setup
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
sdTwoWav-->MsiExec.exe /I{5FEA7A01-D361-460D-8E7D-C1C96A5EC61B}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonar Producer Edition v4.0.3-->C:\PROGRA~1\Cakewalk\SONAR4~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONAR4~1\INSTALL.LOG
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite-->MsiExec.exe /I{D44778FA-4CA2-48E4-835E-DD872CA96971}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TC Native EQ v1.01 (DNV)-->C:\audio\tcnative\tceq\UNWISE.EXE C:\audio\tcnative\tceq\install.log
TC Native Reverb v1.5-->C:\WINDOWS\UNWISE.EXE C:\audio\tcnative\tcreverb\install.log
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime-->C:\PROGRA~1\TCNATI~1\UNWISE.EXE C:\PROGRA~1\TCNATI~1\INSTALL.LOG
TimeWorks Delay 6022 v1.063-->C:\audio\TIMEWO~1\Delay\UNWISE.EXE C:\audio\TIMEWO~1\Delay\install.log
TimeWorks Phaser 88 v1.004-->C:\audio\TIMEWO~1\Phaser\UNWISE.EXE C:\audio\TIMEWO~1\Phaser\install.log
TimeWorks Reverb 4080L v1.101-->C:\WINDOWS\UNWISE.EXE C:\audio\TIMEWO~1\Reverb\install.log
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Waves Mercury Complete VST DX RTAS v1.01-->"C:\Program Files\Waves\Uninstall\unins000.exe"
web'n'walk USB manager-->C:\Program Files\T-Mobile\web'n'walk USB manager\uninst.exe
WildPackets OmniPeek 5.1.4 Demo-->"C:\Program Files\InstallShield Installation Information\{04EFA816-A11C-409B-B1DB-F1B837F9BCD9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wireshark 1.0.3-->"C:\Program Files\Wireshark\uninstall.exe"
Word to PDF Converter 3.00-->"C:\Program Files\PDF-Convert\doc2pdf\unins000.exe"
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
ZoneAlarm Spy Blocker Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\matiberi.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKUS\S-1-5-19\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\herugife.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\dijoromo.dll c:\windows\system32\yagepodo.dll c:\windows\system32\tafivefi.dll c:\windows\system32\vegovuni.dll
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\herugife.dll",s (User 'NETWORK SERVICE')
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll
O4 - HKUS\S-1-5-19\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s (User 'LOCAL SERVICE')
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - C:\Program Files\Common Files\WildPackets\peekrexpert.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll
O4 - HKLM\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC5319] cmd /c del "c:\windows\system32\wipakave.dll_old"
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll
O4 - HKLM\..\RunOnce: [SpybotDeletingA8620] command /c del "c:\windows\system32\wipakave.dll_old"
O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll c:\windows\system32\wipakave.dll
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll (file missing)
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll (file missing)
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll
O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\zemavuda.dll
O4 - HKUS\S-1-5-20\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s
O20 - AppInit_DLLs: c:\windows\system32\fuwubidu.dll c:\windows\system32\rumenite.dll C:\WINDOWS\system32\marewugo.dll c:\windows\system32\diteriga.dll

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081204-0] (disabled)
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

Thank you
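The HijackThis backups section above records the same two persistence hooks pointing at a changing list of file names: one BHO CLSID ({2c77fe2e-...}) backed in turn by matiberi.dll, kopavawi.dll and zemavuda.dll, and one Run value ([poperogedi]) loading herugife.dll, wadumepo.dll and gapedalu.dll through Rundll32, with AppInit_DLLs entries alongside. The following is an added example, not part of this thread and not a feature of HijackThis, RSIT or ComboFix: a small Python scanner over HijackThis-format lines that flags those three hook types and, more usefully, reports any identifier that has pointed at more than one file. The sample lines are constructed from the entries quoted above (with one legitimate Run value and one named BHO as negatives), and the "eight lowercase letters plus .dll in system32" rule is a heuristic assumption drawn from the names seen in this thread, not a general signature.

```python
"""Flag Vundo-style persistence hooks in HijackThis-format log lines.

Added example for this thread; not a HijackThis, RSIT or ComboFix feature.
The sample lines are constructed from the backups section above, and the
"eight lowercase letters + .dll in system32" rule is a heuristic assumption.
"""
import re
from collections import defaultdict

# Constructed sample input: a subset of the HijackThis backup entries above,
# plus one legitimate Run value and one named BHO as negatives.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\matiberi.dll (file missing)",
    r"O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll",
    r'O4 - HKLM\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\wadumepo.dll",s',
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\kopavawi.dll",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\pozofohu.dll c:\windows\system32\wipakave.dll",
    r'O4 - HKLM\..\Run: [poperogedi] Rundll32.exe "C:\WINDOWS\system32\gapedalu.dll",s',
    r"O2 - BHO: (no name) - {2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - C:\WINDOWS\system32\zemavuda.dll",
]

# Payload naming pattern seen throughout this thread (heuristic assumption):
# a DLL in system32 whose base name is exactly eight lowercase letters.
RANDOM_SYS32_DLL = re.compile(r"(?i:\\system32\\)([a-z]{8})\.dll\b")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9a-fA-F-]{36}\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def classify(line):
    """Return (severity, reason) findings for one HijackThis-format line."""
    findings = []
    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that links user32.dll,
        # so any value here deserves review; a random-named one is worse.
        for dll in m.group("dlls").split():
            sev = "high" if RANDOM_SYS32_DLL.search(dll) else "medium"
            findings.append((sev, f"AppInit_DLLs loads {dll}"))
        return findings
    m = RUN_RE.match(line)
    if m and m.group("cmd").lower().startswith("rundll32"):
        hit = RANDOM_SYS32_DLL.search(m.group("cmd"))
        if hit:
            findings.append(("high", f"Run value [{m.group('name')}] loads {hit.group(1)}.dll via Rundll32"))
        return findings
    m = BHO_RE.match(line)
    if m and m.group("name") == "(no name)" and RANDOM_SYS32_DLL.search(m.group("path")):
        findings.append(("high", f"unnamed BHO {m.group('clsid')} points at {m.group('path')}"))
    return findings


def rotating_hooks(lines):
    """Group entries by their stable identifier (BHO CLSID or Run value name)
    and return those that have pointed at more than one file. A hook that keeps
    its identity while the payload file name changes is the self-renaming
    behaviour the backups above record."""
    targets = defaultdict(set)
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            targets[("BHO", m.group("clsid").lower())].add(m.group("path").lower())
            continue
        m = RUN_RE.match(line)
        if m:
            hit = RANDOM_SYS32_DLL.search(m.group("cmd"))
            if hit:
                targets[("Run", m.group("name"))].add(hit.group(1).lower())
    return {key: sorted(paths) for key, paths in targets.items() if len(paths) > 1}


def scan(lines):
    """Run both checks; returns (per-line findings, rotating hooks)."""
    findings = [(sev, why, line) for line in lines for sev, why in classify(line)]
    return findings, rotating_hooks(lines)


if __name__ == "__main__":
    found, rotating = scan(SAMPLE_LINES)
    for sev, why, line in found:
        print(f"[{sev}] {why}\n    {line}")
    for (kind, ident), files in rotating.items():
        print(f"[rotation] {kind} {ident} has pointed at: {', '.join(files)}")
```

The per-line checks are what a reader of the log does by eye; the rotation check is the part worth automating, because a single log snapshot shows one file name per hook, and only the history (here, HijackThis's own backups) reveals that the same CLSID or Run value has been re-pointed repeatedly. Feeding it successive logs from the same machine gives the same view.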

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 December 2008 - 02:18 AM

Hi,

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make to your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (If you use Firefox, right-click the link and choose "Save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Also, please uninstall the ZoneAlarm Spy Blocker Toolbar via Software > Add & Remove Programs, since this one is not recommended and has a questionable reputation. It doesn't block any spyware; on the contrary, this toolbar IS "spyware", since it uses the ask.com search engine.
Extra note: I see you are using Avast Antivirus. It is known that if people have ZoneAlarm installed in combination with Avast, there will be a lot of slowdown problems, especially while browsing and during Windows startup. So actually, I recommend you uninstall the whole ZoneAlarm program.

Then, please visit this webpage for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 gorodisch

gorodisch
  • Topic Starter

  • Members
  • 5 posts

Posted 05 December 2008 - 04:46 AM

Thanks for your time. Below is my ComboFix log. If you could recommend a good firewall to use in conjunction with Avast, or indeed if a change of anti-virus software would be better, that would be really helpful.

ComboFix 08-12-04.04 - stephen 2008-12-05 9:35:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.577 [GMT 0:00]
Running from: c:\documents and settings\stephen\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\setup.exe
c:\windows\system32\abomivat.ini
c:\windows\system32\dolivowa.dll
c:\windows\system32\duduhahi.dll
c:\windows\system32\fihiwiku.dll
c:\windows\system32\marewugo.dll
c:\windows\system32\muwumadu.dll
c:\windows\system32\tohapuva.dll
c:\windows\system32\vekujusi.dll
c:\windows\system32\wiyirive.dll
c:\windows\system32\yalepefo.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 04:26 . 2008-12-05 04:26 <DIR> d-------- C:\rsit
2008-12-04 22:41 . 2008-12-04 22:41 2,713 ---hs---- c:\windows\system32\pohubeli.dll
2008-12-02 00:26 . 2008-12-02 00:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\documents and settings\stephen\Application Data\Malwarebytes
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 01:59 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 01:59 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 01:55 . 2008-12-01 01:55 <DIR> d-------- c:\program files\CCleaner
2008-12-01 01:53 . 2008-12-01 01:53 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-01 01:53 . 2008-12-05 09:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 01:53 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2008-11-30 22:19 . 2008-12-05 08:36 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-11-30 22:19 . 2008-11-30 22:19 <DIR> d-------- c:\program files\Zone Labs
2008-11-30 22:19 . 2008-11-30 22:19 4,212 --ah----- c:\windows\system32\zllictbl.dat
2008-11-30 22:10 . 2008-12-05 08:36 <DIR> d-------- c:\windows\Internet Logs
2008-11-30 18:06 . 2008-11-30 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 18:05 . 2008-11-30 18:05 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-30 18:05 . 2008-11-30 18:05 <DIR> d-------- c:\documents and settings\stephen\Application Data\SUPERAntiSpyware.com
2008-11-30 13:48 . 2008-11-30 13:48 <DIR> d-------- C:\VundoFix Backups
2008-11-27 16:16 . 2008-12-02 00:26 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-19 10:22 . 2008-04-14 00:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-11-17 14:50 . 2008-11-17 14:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-17 14:50 . 2008-11-18 21:44 <DIR> d-------- c:\program files\Appv4.1
2008-11-17 14:50 . 2008-11-17 14:50 <DIR> d--h----- c:\documents and settings\stephen\InstallAnywhere
2008-11-17 10:33 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-17 10:33 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-17 10:33 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-16 13:26 . 2008-11-16 13:26 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\scripting
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\en
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\bits
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\l2schemas
2008-11-16 12:37 . 2008-11-16 12:40 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-14 18:49 . 2008-04-14 00:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-11-14 18:48 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-11-14 18:47 . 2008-04-14 00:11 870,784 --------- c:\windows\system32\ati3d1ag.dll
2008-11-14 12:44 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-14 12:43 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-14 12:43 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-14 12:43 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-14 12:43 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-14 12:43 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-14 12:43 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 12:42 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-05 09:28 --------- d-----w c:\documents and settings\stephen\Application Data\OpenOffice.org2
2008-12-05 08:45 --------- d-----w c:\program files\CommViewWiFi
2008-12-05 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 13:12 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-02 00:25 --------- d-----w c:\program files\Java
2008-12-01 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 18:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-26 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 07:53 --------- d-----w c:\program files\Azureus
2008-11-21 07:52 --------- d-----w c:\documents and settings\stephen\Application Data\Azureus
2008-11-03 22:32 --------- d-----w c:\program files\TC Native Bundle
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-07 14:20 --------- d-----w c:\program files\Belkin
2008-10-04 13:34 6,903,874 ----a-w C:\ca_setup.exe
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2007-04-23 13:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w c:\windows\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w c:\windows\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-08 185896]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 495616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

c:\documents and settings\stephen\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FireBox Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FireBox\FireBox.exe [2008-02-04 1077248]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-02 78416]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-02 20560]
R3 pae_1394;pae_1394;c:\windows\system32\Drivers\pae_1394.sys [2008-02-04 123440]
R3 pae_avs;pae_avs;c:\windows\system32\Drivers\pae_avs.sys [2008-02-04 51248]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9444840c-0e31-11dd-95b3-afb906d3e82d}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94448410-0e31-11dd-95b3-afb906d3e82d}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974008-d336-11dc-9471-8909ccb4253d}]
\Shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974009-d336-11dc-9471-8909ccb4253d}]
\Shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca92-d305-11dc-9469-e088c06a38b4}]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca95-d305-11dc-9469-e088c06a38b4}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e818-e980-11dc-94e9-b117d3a2fcaf}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e81b-e980-11dc-94e9-b117d3a2fcaf}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb937c7-129b-11dd-95c6-d2adb9d2cef5}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f8-1444-11dd-95d0-8e7a6baa5dc9}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f9-1444-11dd-95d0-8e7a6baa5dc9}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcf5059d-eaa8-11dc-94ec-b5f617b0b85e}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2c77fe2e-0d8d-48f5-8425-4806a78d6c8a} - c:\windows\system32\zemavuda.dll
HKCU-Run-HUAWEI 3G Data Card MTS - c:\program files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
HKLM-Run-poperogedi - c:\windows\system32\gapedalu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\stephen\Application Data\Mozilla\Firefox\Profiles\srn3cu77.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 09:38:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-05 9:40:41
ComboFix-quarantined-files.txt 2008-12-05 09:39:24

Pre-Run: 61,663,809,536 bytes free
Post-Run: 61,647,859,712 bytes free

239 --- E O F --- 2008-12-05 09:28:01
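The MountPoints2 block near the top of this log is worth understanding: Explorer writes a MountPoints2\{GUID} key whenever it caches an autorun.inf from a removable drive, and a cached `\Shell\AutoRun\command` that launches an executable sitting in the drive root (here `I:\AutoRun.exe`, repeated for a dozen GUIDs) is the footprint of an autorun worm that was on a USB stick or card plugged into this machine. As an added example, not part of this thread and not ComboFix or BleepingComputer code, the Python reader below parses that section as ComboFix prints it and reports which drive letters carry such handlers. The sample input is constructed from the shape of the log above, and the third entry (a vendor installer launched from a subfolder) is a hypothetical benign case to show what is not flagged.

```python
"""Flag removable-drive AutoRun handlers in a ComboFix MountPoints2 listing.

Added example for this thread; not ComboFix code. Input is the section as
ComboFix prints it: a "[HKEY_CURRENT_USER\\...\\mountpoints2\\{GUID}]"
header followed by a "\\Shell\\AutoRun\\command - <command>" line.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: two entries shaped like the log above plus one
# hypothetical benign installer launched from a subfolder.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e818-e980-11dc-94e9-b117d3a2fcaf}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcf5059d-eaa8-11dc-94ec-b5f617b0b85e}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - E:\Setup\install.exe /quiet
.
Contents of the 'Scheduled Tasks' folder
"""

KEY_RE = re.compile(
    r"^\[(HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE
)
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
# An executable launched straight from a drive root: X:\name.ext, no subfolder.
ROOT_EXE_RE = re.compile(
    r"^[A-Za-z]:\\[^\\\s]+\.(exe|com|bat|cmd|vbs|scr|pif)(\s|$)", re.IGNORECASE
)


@dataclass
class AutoRunEntry:
    guid: str
    key: str
    command: str

    @property
    def drive(self) -> str:
        m = re.match(r"([A-Za-z]):\\", self.command)
        return m.group(1).upper() if m else ""

    @property
    def suspicious(self) -> bool:
        """True when the cached AutoRun command runs a root-level executable."""
        return ROOT_EXE_RE.match(self.command) is not None


def parse_mountpoints(text: str) -> list[AutoRunEntry]:
    """Pair each MountPoints2 key header with the AutoRun command line that follows it."""
    entries: list[AutoRunEntry] = []
    pending = None  # the key header waiting for its command line
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            pending = km
            continue
        cm = CMD_RE.match(line)
        if cm and pending:
            entries.append(AutoRunEntry(pending.group(2), pending.group(1), cm.group(1).strip()))
        pending = None
    return entries


def suspicious_by_drive(entries: list[AutoRunEntry]) -> dict[str, list[str]]:
    """Map drive letter -> GUIDs whose AutoRun command launches a root-level executable."""
    out: dict[str, list[str]] = {}
    for e in entries:
        if e.suspicious:
            out.setdefault(e.drive, []).append(e.guid)
    return out


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for drive, guids in suspicious_by_drive(found).items():
        print(f"drive {drive}: {len(guids)} cached AutoRun handler(s) launching a root executable")
```

The GUIDs it returns are exactly the keys a helper would list for removal; the drive letter tells you which removable media to scan before it is plugged in again.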

#5 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 December 2008 - 04:59 AM

Hi,

See my signature below under Firewalls for the ones I recommend. :thumbsup:

It looks like you were dealing with an infected userinit.exe in the past as well, however, this one should be fixed already since Combofix doesn't list it as being modified. Most probably you performed a Windows update in between which has overwritten the infected userinit.exe with the legitimate one again.

Still some leftovers to delete though...

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
c:\windows\system32\pohubeli.dll
Folder::
C:\VundoFix Backups
FileLook::
c:\windows\system32\stu2.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9444840c-0e31-11dd-95b3-afb906d3e82d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94448410-0e31-11dd-95b3-afb906d3e82d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974008-d336-11dc-9471-8909ccb4253d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c974009-d336-11dc-9471-8909ccb4253d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca92-d305-11dc-9469-e088c06a38b4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4a9ca95-d305-11dc-9469-e088c06a38b4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e818-e980-11dc-94e9-b117d3a2fcaf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc71e81b-e980-11dc-94e9-b117d3a2fcaf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb937c7-129b-11dd-95c6-d2adb9d2cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f8-1444-11dd-95d0-8e7a6baa5dc9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea93e2f9-1444-11dd-95d0-8e7a6baa5dc9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcf5059d-eaa8-11dc-94ec-b5f617b0b85e}]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
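The CFScript above is a small declarative format: `File::` and `Folder::` list paths ComboFix will delete, `FileLook::` lists files whose version resource it will print, and `Registry::` holds REGEDIT4-style lines where `[KEY]` selects a key, `[-KEY]` deletes it, and `"name"=dword:XXXXXXXX` writes a value. Because the script deletes things irreversibly, it helps to read back what it will do before dragging it onto ComboFix.exe. The Python dry-run reader below is an added example, not ComboFix's own code (ComboFix has no dry-run mode); it understands only the four directives that appear in this script, reports anything else as unknown rather than guessing, and the `Example::` directive in the sample is a constructed placeholder, not a real directive.

```python
"""Dry-run reader for a ComboFix CFScript.

Added example; not ComboFix code. Only the directives used in the script
above (File::, Folder::, FileLook::, Registry::) are understood, with the
REGEDIT4 conventions that script uses under Registry::.
"""
from __future__ import annotations

import re

KNOWN_DIRECTIVES = {"File", "Folder", "FileLook", "Registry"}
DIRECTIVE_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")          # group 1 is "-" for a deletion
VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9A-Fa-f]{8}|"[^"]*")$')

# Constructed sample: the script from the post above, trimmed to three
# MountPoints2 keys, plus a placeholder directive to show unknown handling.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\pohubeli.dll
Folder::
C:\VundoFix Backups
FileLook::
c:\windows\system32\stu2.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9444840c-0e31-11dd-95b3-afb906d3e82d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94448410-0e31-11dd-95b3-afb906d3e82d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcf5059d-eaa8-11dc-94ec-b5f617b0b85e}]
Example::
not a real directive
"""


def parse_cfscript(text: str) -> dict[str, list]:
    """Turn a CFScript into a plan of actions without touching the system."""
    plan: dict[str, list] = {
        "delete_files": [], "delete_folders": [], "inspect_files": [],
        "delete_keys": [], "set_values": [], "unknown": [],
    }
    section = None       # the directive currently in force
    current_key = None   # the [KEY] that following "name"=value lines apply to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        dm = DIRECTIVE_RE.match(line)
        if dm:
            section = dm.group(1)
            current_key = None
            if section not in KNOWN_DIRECTIVES:
                plan["unknown"].append(f"directive {section}::")
            continue
        if section == "File":
            plan["delete_files"].append(line)
        elif section == "Folder":
            plan["delete_folders"].append(line)
        elif section == "FileLook":
            plan["inspect_files"].append(line)
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = VALUE_RE.match(line)
            if km and km.group(1) == "-":
                plan["delete_keys"].append(km.group(2))
                current_key = None
            elif km:
                current_key = km.group(2)
            elif vm and current_key:
                plan["set_values"].append((current_key, vm.group(1), vm.group(2)))
            else:
                plan["unknown"].append(f"Registry line: {line}")
        else:
            plan["unknown"].append(f"{section or 'no directive'}: {line}")
    return plan


def describe(plan: dict[str, list]) -> list[str]:
    """One line per action, in the order a reviewer would check them."""
    lines = [f"delete file   {p}" for p in plan["delete_files"]]
    lines += [f"delete folder {p}" for p in plan["delete_folders"]]
    lines += [f"inspect file  {p}" for p in plan["inspect_files"]]
    lines += [f"set value     {k}\\{n} = {v}" for k, n, v in plan["set_values"]]
    lines += [f"delete key    {k}" for k in plan["delete_keys"]]
    lines += [f"UNKNOWN       {u}" for u in plan["unknown"]]
    return lines


if __name__ == "__main__":
    print("\n".join(describe(parse_cfscript(SAMPLE_SCRIPT))))
```

Reading the plan back makes the two kinds of registry action visible: the `security center` line is a value write (re-enabling the update notification the malware had switched off), while every `[-...]` line is a key deletion.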

#6 gorodisch
  • Topic Starter
  • Members
  • 5 posts

Posted 05 December 2008 - 05:23 AM

Thanks again!

ComboFix 08-12-04.04 - stephen 2008-12-05 10:10:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.548 [GMT 0:00]
Running from: c:\documents and settings\stephen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\stephen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\pohubeli.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
c:\windows\system32\pohubeli.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 04:26 . 2008-12-05 04:26 <DIR> d-------- C:\rsit
2008-12-02 00:26 . 2008-12-02 00:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\documents and settings\stephen\Application Data\Malwarebytes
2008-12-01 01:59 . 2008-12-01 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 01:59 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 01:59 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 01:55 . 2008-12-01 01:55 <DIR> d-------- c:\program files\CCleaner
2008-12-01 01:53 . 2008-12-05 09:43 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-01 01:53 . 2008-12-05 10:07 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 01:53 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2008-11-30 22:19 . 2008-12-05 08:36 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-11-30 22:19 . 2008-11-30 22:19 <DIR> d-------- c:\program files\Zone Labs
2008-11-30 22:19 . 2008-11-30 22:19 4,212 --ah----- c:\windows\system32\zllictbl.dat
2008-11-30 22:10 . 2008-12-05 08:36 <DIR> d-------- c:\windows\Internet Logs
2008-11-30 18:06 . 2008-11-30 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 18:05 . 2008-11-30 18:05 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-30 18:05 . 2008-11-30 18:05 <DIR> d-------- c:\documents and settings\stephen\Application Data\SUPERAntiSpyware.com
2008-11-27 16:16 . 2008-12-02 00:26 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-19 10:22 . 2008-04-14 00:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-11-17 14:50 . 2008-11-17 14:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-17 14:50 . 2008-11-18 21:44 <DIR> d-------- c:\program files\Appv4.1
2008-11-17 14:50 . 2008-11-17 14:50 <DIR> d--h----- c:\documents and settings\stephen\InstallAnywhere
2008-11-17 10:33 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-17 10:33 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-17 10:33 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-16 13:26 . 2008-11-16 13:26 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\scripting
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\en
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\system32\bits
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\windows\l2schemas
2008-11-16 12:37 . 2008-11-16 12:40 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-14 18:49 . 2008-04-14 00:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-11-14 18:48 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-11-14 18:47 . 2008-04-14 00:11 870,784 --------- c:\windows\system32\ati3d1ag.dll
2008-11-14 12:44 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-14 12:43 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-14 12:43 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-14 12:43 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-14 12:43 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-14 12:43 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-14 12:43 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 12:42 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 10:11 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-05 09:28 --------- d-----w c:\documents and settings\stephen\Application Data\OpenOffice.org2
2008-12-05 08:45 --------- d-----w c:\program files\CommViewWiFi
2008-12-05 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 13:12 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-02 00:25 --------- d-----w c:\program files\Java
2008-12-01 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 18:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-26 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 07:53 --------- d-----w c:\program files\Azureus
2008-11-21 07:52 --------- d-----w c:\documents and settings\stephen\Application Data\Azureus
2008-11-03 22:32 --------- d-----w c:\program files\TC Native Bundle
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-07 14:20 --------- d-----w c:\program files\Belkin
2008-10-04 13:34 6,903,874 ----a-w C:\ca_setup.exe
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2007-04-23 13:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w c:\windows\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w c:\windows\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\system32\stu2.exe ----
Company: Microsoft Corporation
File Description: Userinit Logon Application
File Version: 5.1.2600.5512 (xpsp.080413-2113)
Product Name: Microsoftr Windowsr Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: USERINIT.EXE
MD5: a93aee1928a9d7ce3e16d24ec7380f89


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-08 185896]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 495616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

c:\documents and settings\stephen\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FireBox Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FireBox\FireBox.exe [2008-02-04 1077248]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-02 78416]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-02 20560]
R3 pae_1394;pae_1394;c:\windows\system32\Drivers\pae_1394.sys [2008-02-04 123440]
R3 pae_avs;pae_avs;c:\windows\system32\Drivers\pae_avs.sys [2008-02-04 51248]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
.
Contents of the 'Scheduled Tasks' folder

2008-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\stephen\Application Data\Mozilla\Firefox\Profiles\srn3cu77.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 10:11:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-05 10:14:19
ComboFix-quarantined-files.txt 2008-12-05 10:13:14
ComboFix2.txt 2008-12-05 09:40:43

Pre-Run: 61,616,648,192 bytes free
Post-Run: 61,603,098,624 bytes free

210 --- E O F --- 2008-12-05 09:28:01
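The "Look" section of this log is the answer to the `FileLook::` request in the script: ComboFix printed the version resource of `c:\windows\system32\stu2.exe`, and its "Original file name" field says USERINIT.EXE. A file whose embedded original name differs from its name on disk is a copy of a legitimate-looking system binary parked under another name, which is the "infected userinit.exe in the past" clue mentioned earlier in the thread. As an added example (not part of this thread and not ComboFix code), the Python reader below pulls the fields out of each `---- path ----` block and reports such mismatches. The sample input is constructed: the stu2.exe block from the log above, plus a hypothetical benign block for ctfmon.exe whose MD5 is a zero placeholder, not a real hash.

```python
"""Spot renamed system binaries in a ComboFix "Look" block.

Added example for this thread; not ComboFix code. Each block starts with
"---- <path> ----" and is followed by "Field: value" lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the stu2.exe block from the log above plus a
# hypothetical benign block (placeholder MD5, not a real hash).
SAMPLE_LOOK = r"""
---- c:\windows\system32\stu2.exe ----
Company: Microsoft Corporation
File Description: Userinit Logon Application
File Version: 5.1.2600.5512 (xpsp.080413-2113)
Product Name: Microsoftr Windowsr Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: USERINIT.EXE
MD5: a93aee1928a9d7ce3e16d24ec7380f89


---- c:\windows\system32\ctfmon.exe ----
Company: Microsoft Corporation
File Description: CTF Loader
Original file name: CTFMON.EXE
MD5: 00000000000000000000000000000000
"""

HEADER_RE = re.compile(r"^---- (.+?) ----$")


@dataclass
class LookBlock:
    path: str
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def disk_name(self) -> str:
        """File name as it sits on disk (last path component)."""
        return self.path.rsplit("\\", 1)[-1]

    @property
    def original_name(self) -> str:
        """File name recorded in the PE version resource, if ComboFix printed one."""
        return self.fields.get("Original file name", "")

    @property
    def renamed(self) -> bool:
        """True when the version resource names a different file than the one on disk."""
        return bool(self.original_name) and self.original_name.lower() != self.disk_name.lower()


def parse_look(text: str) -> list[LookBlock]:
    """Split a Look section into blocks and collect each block's Field: value pairs."""
    blocks: list[LookBlock] = []
    current: LookBlock | None = None
    for raw in text.splitlines():
        line = raw.strip()
        hm = HEADER_RE.match(line)
        if hm:
            current = LookBlock(hm.group(1))
            blocks.append(current)
            continue
        if current and ": " in line:
            key, value = line.split(": ", 1)   # split on the first separator only
            current.fields[key.strip()] = value.strip()
    return blocks


def renamed_binaries(text: str) -> list[tuple[str, str]]:
    """(path, original name) for every block whose on-disk name does not match."""
    return [(b.path, b.original_name) for b in parse_look(text) if b.renamed]


if __name__ == "__main__":
    for path, original in renamed_binaries(SAMPLE_LOOK):
        print(f"{path} is a copy of {original}")
```

The same check applies to any file a helper asks ComboFix to look at: a mismatch does not by itself prove infection (installers sometimes rename tools), but a Windows logon component sitting in system32 under a random name is exactly the pattern that warranted the `FileLook::` in the first place.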

#7 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 December 2008 - 05:28 AM

Hi,

This looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#8 gorodisch
  • Topic Starter
  • Members
  • 5 posts

Posted 05 December 2008 - 06:00 AM

Everything seems fine now! A huge thank you.
All the best,
Stephen

#9 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 December 2008 - 06:06 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#10 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 07 December 2008 - 04:41 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.