Infected with Virtumonde / automatic updates wont work


  • This topic is locked
16 replies to this topic

#1 RoysterV1


Posted 05 December 2008 - 09:55 AM

Well, first my automatic updates didn't work. When it took me to the website I got an [Error number: 0x80070422]; it tells you to go to systems.msc. So I did this, followed the instructions, and when I tried to set the automatic updates to automatic and click start I get an error message reading "Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.". So I googled it and I have been to a few help pages and a few forums and tried what they have said, and tried removing stuff with programs such as Spybot Search and Destroy, SUPERAntiSpyware and Malwarebytes' Anti-Malware. These appear to have done nothing to help very much, and now several icons seem to be missing from my taskbar (bottom right of screen). Hopefully I haven't messed anything up so far, but I need help.
Here are the 2 logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Leeroy Reid at 2008-12-05 14:40:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (29%) free of 305 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:41, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Leeroy Reid\Desktop\RSIT.exe
C:\Program Files\trend micro\Leeroy Reid.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {BB532191-CB4F-4B5A-998E-236840B4A0B5} - C:\WINDOWS\system32\wvUljjiH.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.google.co.uk
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: zhzspr.dll srbxbn.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 4427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\A225F1C591126F4D.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\dbkcxast.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB532191-CB4F-4B5A-998E-236840B4A0B5}]
C:\WINDOWS\system32\wvUljjiH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zhzspr.dll srbxbn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUljjiH

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe"="C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe:*:Disabled:TeamViewer"
"C:\Program Files\DynGate\DynGate.exe"="C:\Program Files\DynGate\DynGate.exe:*:Enabled:DynGate Router"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-05 14:40:27 ----D---- C:\Program Files\trend micro
2008-12-05 14:40:24 ----D---- C:\rsit
2008-12-05 13:27:07 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Malwarebytes
2008-12-05 13:27:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 13:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 12:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-05 12:09:40 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-05 12:09:40 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\SUPERAntiSpyware.com
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-05 11:47:19 ----ASH---- C:\WINDOWS\system32\HijjlUvw.ini2
2008-12-04 23:03:19 ----SH---- C:\WINDOWS\system32\kcofkuiy.ini
2008-12-04 21:42:12 ----D---- C:\Program Files\Common Files\Scanner
2008-12-04 21:42:07 ----D---- C:\Program Files\Yahoo! Anti-Spy
2008-12-04 21:38:33 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Yahoo!
2008-12-03 23:06:59 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\IUpd721
2008-12-03 22:58:58 ----A---- C:\WINDOWS\system32\2763d1b8-.txt
2008-12-03 22:58:25 ----ASH---- C:\WINDOWS\system32\HijjlUvw.ini
2008-12-03 22:53:30 ----D---- C:\WINDOWS\system32\tdi
2008-12-03 22:53:30 ----D---- C:\WINDOWS\system32\ma1
2008-12-03 22:53:30 ----D---- C:\WINDOWS\system32\bu
2008-11-24 15:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-11-24 15:15:48 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Nero
2008-11-24 15:03:29 ----A---- C:\WINDOWS\Irremote.ini
2008-11-24 14:50:32 ----D---- C:\Program Files\Nero
2008-11-24 14:50:05 ----D---- C:\Program Files\Common Files\Nero
2008-11-24 14:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-23 11:53:39 ----D---- C:\Program Files\Saga
2008-11-17 14:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-17 14:55:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-17 14:55:10 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-17 14:55:06 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-17 14:55:02 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-17 14:55:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-17 14:54:20 ----D---- C:\WINDOWS\Logs
2008-11-12 18:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\rionix
2008-11-12 18:52:42 ----D---- C:\Program Files\Action Ball 2
2008-11-12 00:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 00:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 00:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 14:43:41 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 months======

2008-12-05 14:40:29 ----D---- C:\WINDOWS\Prefetch
2008-12-05 14:40:27 ----RD---- C:\Program Files
2008-12-05 13:51:22 ----D---- C:\WINDOWS\Temp
2008-12-05 13:51:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 13:51:07 ----D---- C:\WINDOWS\Registration
2008-12-05 13:50:58 ----D---- C:\WINDOWS
2008-12-05 13:35:20 ----D---- C:\WINDOWS\system32
2008-12-05 13:35:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 13:34:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 12:09:51 ----SHD---- C:\WINDOWS\Installer
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files
2008-12-04 22:41:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-04 21:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-04 21:40:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 21:15:34 ----D---- C:\Program Files\Google
2008-12-04 21:15:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-04 21:01:23 ----SD---- C:\WINDOWS\Tasks
2008-12-04 20:24:43 ----HD---- C:\WINDOWS\inf
2008-12-04 15:22:20 ----RHD---- C:\$VAULT$.AVG
2008-12-04 14:41:43 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\AVG7
2008-12-04 11:09:30 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 22:53:33 ----D---- C:\temp
2008-12-03 22:46:37 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\uTorrent
2008-11-24 15:55:08 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-24 11:35:49 ----D---- C:\Program Files\Ahead
2008-11-24 11:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-11-23 23:12:09 ----SD---- C:\Documents and Settings\Leeroy Reid\Application Data\Microsoft
2008-11-20 10:56:59 ----D---- C:\WINDOWS\Minidump
2008-11-18 21:52:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 14:55:20 ----D---- C:\WINDOWS\system32\DirectX
2008-11-17 14:33:25 ----D---- C:\Program Files\Sports Interactive
2008-11-14 20:46:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-14 08:21:58 ----D---- C:\WINDOWS\Help
2008-11-12 16:15:40 ----D---- C:\Program Files\DivX
2008-11-12 01:01:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 00:59:15 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 00:59:13 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 00:58:32 ----D---- C:\WINDOWS\WinSxS
2008-11-07 10:00:01 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-01 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-01 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-21 21419]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-01 4960]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2006-09-06 168832]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-15 47360]
R3 rt2870;802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-09 162944]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S3 w550bus;Sony Ericsson W550 driver (WDM); C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 60928]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 8336]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 96672]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 88080]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-01 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2004-10-29 53337]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2004-10-29 69718]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-05 14:40:45

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\Motive\btbb\UninstallHelper.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Action Ball 2 by grez868-->MsiExec.exe /X{CB9119DF-E08B-4FA2-836D-021540686F81}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{7B76034B-B3ED-46D5-8C66-DEB102CB830A}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BT Broadband Desktop Help-->C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Broadband Talk Softphone 3.1-->"C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\Yahoo! Anti-Spy\CA Yahoo! Anti-Spy\uninstall.exe"
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DynGate-->"C:\Program Files\DynGate\uninstall.exe"
Edimax Wireless LAN Card-->C:\Program Files\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Spyware Scan provided by Yahoo!-->C:\PROGRA~1\Yahoo!\Common\unynss.exe
OpenMG Limited Patch 4.0-04-11-28-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-11-28-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.05-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BB92E35A-F5B8-4D59-90F3-CF863871BCF3} /l1033 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SonicStage 2.3.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanking you in advance
Royster



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:11:43 PM

Posted 11 December 2008 - 09:40 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:43 AM

Posted 12 December 2008 - 05:13 AM

Thank you for the help, the only change since my original post is my automatic updates now works but my comp is still telling me I got that virtumonde crap.

Here is the OtScanIt log

Attached Files



#4 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:43 AM

Posted 12 December 2008 - 05:38 AM

gmer log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-12 10:33:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT sptd.sys ZwSetValueKey [0xF74F34AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA670F20]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload BAB828AC 5 Bytes JMP 8A8D74D8

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75269AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A9CA1E8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Fastfat \FatCdrom 89CEB790
Device \FileSystem\Udfs \UdfsCdRom 89CD91E8
Device \FileSystem\Udfs \UdfsDisk 89CD91E8
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{8F035AB9-93D3-4E80-8732-31D939C32528} 8A1911E8
Device \Driver\usbuhci \Device\USBPDO-0 8A8A91E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9591E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A9591E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A9591E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A9591E8
Device \Driver\usbuhci \Device\USBPDO-1 8A8A91E8
Device \Driver\usbuhci \Device\USBPDO-2 8A8A91E8
Device \Driver\usbuhci \Device\USBPDO-3 8A8A91E8
Device \Driver\usbehci \Device\USBPDO-4 8A8A26D8
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9CC1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB12D459-763C-4F2A-A6FF-40C93CDE82E7} 8A1911E8
Device \Driver\Cdrom \Device\CdRom0 8A7EF790
Device \Driver\Cdrom \Device\CdRom1 8A7EF790
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1911E8
Device \Driver\NetBT \Device\NetbiosSmb 8A1911E8
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A8A91E8
Device \Driver\usbuhci \Device\USBFDO-1 8A8A91E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1DC1E8
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-2 8A8A91E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1DC1E8
Device \Driver\usbuhci \Device\USBFDO-3 8A8A91E8
Device \Driver\usbehci \Device\USBFDO-4 8A8A26D8
Device \Driver\Ftdisk \Device\FtControl 8A9CC1E8
Device \FileSystem\Fastfat \Fat 89CEB790

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Cdfs \Cdfs 89CD7790

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd202c1f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd202c1f@001620a8f287 0x72 0x5A 0xCC 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1434400696
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1492737669
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0x3D 0xD7 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd202c1f
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd202c1f@001620a8f287 0x72 0x5A 0xCC 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0x3D 0xD7 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0x3D 0xD7 0x6B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@p¨0\vÔgC$Š\xbe\v\x2020ÔgC$Š\xbe\vm\x2026hC\x2dc°\xbe\v\x2dc°\xbe\vdŠ\xbe\v<Š\xbe\v#\ImageUploader4.ocx 1
Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\InprocServer32@ C:\PROGRA~1\Ahead\NEROWA~1\AUDIOC~1.OCX

---- EOF - GMER 1.0.14 ----


Thanks Royster
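As an added example (not code from this thread or from GMER's author), a small Python parser for the GMER log format shown in the post above: it groups the SSDT, IAT, inline and device-stack entries by the driver that owns them and lists the modules GMER could not attribute, read or describe, which are the ones a reviewer checks by hand first. The embedded sample log is constructed from a few lines in that format, and the review heuristic is an assumption of this example, not a verdict from GMER.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

UNATTRIBUTED = "<unattributed>"

# Constructed sample in the GMER 1.0.14 text format: a line or two of each entry
# kind, laid out like the log posted above (not the full log).
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA670F20]
---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload BAB828AC 5 Bytes JMP 8A8D74D8
---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9CC1E8
AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
"""

# One regex per line kind; module paths may contain spaces, so they are matched non-greedily.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<desc>[^)]*)\))?"
                     r"\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\[(?P<import>[^\]]+)\]\s+"
                    r"\[[0-9A-Fa-f]+\]\s+(?P<module>\S+)$")
INLINE_RE = re.compile(r"^\.text\s+(?P<victim>\S+)!(?P<func>\S+)\s+[0-9A-Fa-f]+"
                       r"\s+\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$")
DEVICE_RE = re.compile(r"^(?:Attached)?Device\s+\S+\s+(?P<device>\S+)\s+(?P<rest>.+)$")
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>.+?)\s+The process cannot access the file")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

class Hook(NamedTuple):
    kind: str        # "SSDT", "IAT", "inline" or "device"
    target: str      # what is hooked: syscall, import, function or device object
    module: str      # owning driver file name, or UNATTRIBUTED
    described: bool  # GMER printed a "(description/publisher)" for the module

class Report(NamedTuple):
    hooks: List[Hook]
    unreadable: Set[str]  # drivers GMER could not open for reading

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def parse_gmer(text: str) -> Report:
    """Turn the hook-bearing lines of a GMER log into Hook records."""
    hooks: List[Hook] = []
    unreadable: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section header
        if m := UNREADABLE_RE.match(line):
            unreadable.add(_basename(m["path"]))
        elif m := SSDT_RE.match(line):
            hooks.append(Hook("SSDT", m["func"], _basename(m["module"]), m["desc"] is not None))
        elif m := IAT_RE.match(line):
            hooks.append(Hook("IAT", f"{m['victim']}[{m['import']}]", _basename(m["module"]), False))
        elif m := INLINE_RE.match(line):
            # A JMP patched into a kernel function; GMER names no owner on this line.
            hooks.append(Hook("inline", f"{m['victim']}!{m['func']} -> {m['target']}", UNATTRIBUTED, False))
        elif (m := DEVICE_RE.match(line)) and not HEX_RE.match(m["rest"]):
            # A bare 8-digit address means no third-party driver sits on that device stack.
            module, _, desc = m["rest"].partition(" (")
            hooks.append(Hook("device", m["device"], _basename(module), bool(desc)))
    return Report(hooks, unreadable)

def hooks_by_module(hooks: List[Hook]) -> Dict[str, List[Hook]]:
    grouped: Dict[str, List[Hook]] = defaultdict(list)
    for h in hooks:
        grouped[h.module].append(h)
    return dict(grouped)

def needs_review(report: Report) -> List[str]:
    """Modules to verify by hand: unattributed hooks, drivers GMER could not read, and
    drivers it printed no description for (an assumed heuristic, not GMER's verdict)."""
    flagged = set()
    for module, hooks in hooks_by_module(report.hooks).items():
        if module == UNATTRIBUTED or module in report.unreadable or not any(h.described for h in hooks):
            flagged.add(module)
    return sorted(flagged)

if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    for module, hooks in sorted(hooks_by_module(report.hooks).items()):
        print(f"{module:<16} {len(hooks)} hook(s): {', '.join(sorted({h.kind for h in hooks}))}")
    print("needs manual review:", needs_review(report))
```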

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:11:43 PM

Posted 12 December 2008 - 09:53 PM

Hello Royster.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files between them, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Kill Explorer]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {BB532191-CB4F-4B5A-998E-236840B4A0B5} [HKLM] -> %SystemRoot%\system32\wvUljjiH.dll [Reg Error: Value  does not exist or could not be read.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5229 domain(s) found.
    YN -> antimalwareguard.com .[*] -> Trusted sites
    YN -> antispyexpert.com .[*] -> Trusted sites
    YN -> gomyhit.com .[*] -> Trusted sites
    YN -> imageservr.com .[*] -> Trusted sites
    YN -> spyguardpro.com .[*] -> Trusted sites
    YN -> storageguardsoft.com .[*] -> Trusted sites
    YN -> 51 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found.
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5230 domain(s) found.
    YN -> antimalwareguard.com .[*] -> Trusted sites
    YN -> antispyexpert.com .[*] -> Trusted sites
    YN -> gomyhit.com .[*] -> Trusted sites
    YN -> imageservr.com .[*] -> Trusted sites
    YN -> spyguardpro.com .[*] -> Trusted sites
    YN -> storageguardsoft.com .[*] -> Trusted sites
    YN -> 50 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5222 domain(s) found.
    YN -> 50 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5222 domain(s) found.
    YN -> 50 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found.
    YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found.
    YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\] > -> HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5230 domain(s) found.
    YN -> antimalwareguard.com .[*] -> Trusted sites
    YN -> antispyexpert.com .[*] -> Trusted sites
    YN -> gomyhit.com .[*] -> Trusted sites
    YN -> imageservr.com .[*] -> Trusted sites
    YN -> spyguardpro.com .[*] -> Trusted sites
    YN -> storageguardsoft.com .[*] -> Trusted sites
    YN -> 50 domain(s) and sub-domain(s) not assigned to a zone. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\] > -> HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    YN -> HKEY_USERS\S-1-5-21-3164665725-1594270243-3061616737-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found.
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> zhzspr.dll -> 
    YN -> srbxbn.dll -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    YN -> C:\WINDOWS\system32\wvUljjiH -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    [Files/Folders - Created Within 30 Days]
    NY -> HijjlUvw.ini2 -> %SystemRoot%\System32\HijjlUvw.ini2
    NY -> kcofkuiy.ini -> %SystemRoot%\System32\kcofkuiy.ini
    NY -> IUpd721 -> %AppData%\IUpd721
    NY -> HijjlUvw.ini -> %SystemRoot%\System32\HijjlUvw.ini
    NY -> tdi -> %SystemRoot%\System32\tdi
    NY -> ma1 -> %SystemRoot%\System32\ma1
    NY -> bu -> %SystemRoot%\System32\bu
    NY -> dbkcxast.job -> %SystemRoot%\tasks\dbkcxast.job
    NY -> .# -> %UserProfile%\Local Settings\Application Data\.#
    [Empty Temp Folders]
    [Reboot]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Download and Run Lop S&D
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 1 followed by Enter to select option "1 - Search".
  • When the scan is finished, a report (C:\lopR.txt) will be generated, post the contents of it in your next reply.

Please post back with:
-the OTScanIt fix log
-the Lop S&D log
-a new OTScanIt scan log (leave settings at defaults, attached)

Still getting those popups?

With Regards,
The Panda

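The fix above strips three persistence points Virtumonde used on this machine: AppInit_DLLs (DLLs listed there are loaded into every process that loads user32.dll), the LSA Authentication Packages list (loaded by lsass.exe at boot, so the DLL survives any cleanup that runs after logon), and ZoneMap entries that put rogue anti-spyware domains into the relaxed Trusted Sites zone (zone 2). The script below is an added example and is not part of this thread or of OTScanIt: it audits those same locations offline from a `reg export` text file, so it needs no Windows registry access. The sample .reg text, TRUSTED_ALLOWLIST and every function name are assumptions constructed for the example; the values mirror the entries in the fix above.

```python
r"""Offline audit of the registry persistence points hit by the OTScanIt fix
(AppInit_DLLs, LSA Authentication Packages, IE ZoneMap Trusted Sites).
Added example, not code from the thread or from OTScanIt. Input is the text
produced on the affected machine by, e.g.:
  reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" w.reg
  reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" lsa.reg
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" z.reg
"""
import re

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
# Hypothetical allowlist of domains that are deliberately trusted.
TRUSTED_ALLOWLIST = {"windowsupdate.com", "microsoft.com"}

# Constructed sample export mirroring the values seen in the fix above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="zhzspr.dll srbxbn.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,00,\
  3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,\
  74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,76,00,55,00,6c,00,6a,00,6a,00,69,00,\
  48,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windowsupdate.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]
"*"=dword:00000004
'''


def _decode_multi_sz(payload):
    """hex(7) is REG_MULTI_SZ: comma-separated UTF-16LE bytes, NUL separated, double-NUL terminated."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_reg(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into {key: {name: value}},
    joining the backslash-continued lines regedit emits for hex data."""
    keys, key, pending = {}, None, ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if line.endswith("\\"):            # continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            keys.setdefault(key, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
        if not m or key is None:
            continue
        name, data = (m.group(1) if m.group(1) is not None else "@"), m.group(3)
        if data.startswith('"') and data.endswith('"'):
            value = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')   # REG_SZ
        elif data.startswith("dword:"):
            value = int(data[6:], 16)                                        # REG_DWORD
        elif data.startswith("hex(7):"):
            value = _decode_multi_sz(data[7:])                               # REG_MULTI_SZ
        else:
            value = data                                                     # other types kept raw
        keys[key][name] = value
    return keys


def audit(keys):
    """Return (category, item, why) findings for the three persistence points."""
    findings = []
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith("\\currentversion\\windows"):
            for dll in re.split(r"[\s,]+", values.get("AppInit_DLLs", "")):
                if dll:   # any entry at all is worth a look; it is empty on a clean XP box
                    findings.append(("AppInit_DLLs", dll, "loaded into every process that loads user32.dll"))
        elif lk.endswith("\\control\\lsa"):
            for pkg in values.get("Authentication Packages", []):
                if pkg.lower() != "msv1_0":   # msv1_0 is the stock NTLM package
                    findings.append(("LSA Authentication Packages", pkg, "non-default package loaded by lsass.exe at boot"))
        elif (idx := lk.find("\\zonemap\\domains\\")) != -1:
            tail = key[idx + len("\\zonemap\\domains\\"):]
            domain = ".".join(reversed(tail.split("\\"))).lower()   # Domains\example.com\www -> www.example.com
            if any(domain == a or domain.endswith("." + a) for a in TRUSTED_ALLOWLIST):
                continue
            for scheme, zone in values.items():   # value name is "*", "http" or "https"
                if zone == 2:
                    findings.append(("Trusted sites", domain, f"{scheme} mapped to zone 2 ({ZONE_NAMES[2]})"))
    return findings


def audit_reg_text(text):
    return audit(parse_reg(text))


if __name__ == "__main__":
    for category, item, why in audit_reg_text(SAMPLE_REG):
        print(f"{category:28} {item:36} {why}")
```

Run it against the real exports instead of SAMPLE_REG to get the same four findings the OTScanIt fix removed; the entry for example.net is deliberately left alone because zone 4 is Restricted Sites, not Trusted.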
#6 RoysterV1 (Topic Starter)

Posted 13 December 2008 - 04:23 AM

Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB532191-CB4F-4B5A-998E-236840B4A0B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB532191-CB4F-4B5A-998E-236840B4A0B5}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ created successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antispyexpert.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gomyhit.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imageservr.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyguardpro.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\storageguardsoft.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ created successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ created successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antispyexpert.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gomyhit.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imageservr.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyguardpro.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\storageguardsoft.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ created successfully.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antispyexpert.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gomyhit.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imageservr.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyguardpro.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\storageguardsoft.com not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zhzspr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:srbxbn.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\wvUljjiH deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\HijjlUvw.ini2 moved successfully.
C:\WINDOWS\System32\kcofkuiy.ini moved successfully.
C:\Documents and Settings\Leeroy Reid\Application Data\IUpd721\Logs folder moved successfully.
C:\Documents and Settings\Leeroy Reid\Application Data\IUpd721 folder moved successfully.
C:\WINDOWS\System32\HijjlUvw.ini moved successfully.
C:\WINDOWS\System32\tdi folder moved successfully.
C:\WINDOWS\System32\ma1 folder moved successfully.
C:\WINDOWS\System32\bu folder moved successfully.
C:\WINDOWS\tasks\dbkcxast.job moved successfully.
C:\Documents and Settings\Leeroy Reid\Local Settings\Application Data\.# folder moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.0 fix logfile created on 12132008_091532

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#7 RoysterV1 (Topic Starter)

Posted 13 December 2008 - 04:52 AM

Ok, so here's the other 2 logs, and no, I don't seem to be getting any more pop-ups, but I didn't even mention I was getting any in the first place, so how did you know?


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.40GHz )
BIOS : BIOS Date: 07/12/06 00:28:03 Ver: 08.00.10
USER : Leeroy Reid ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:90 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:2 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 13/12/2008| 9:37 )

--------------------\\ Listing folders in APPLIC~1

[19/09/2006|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[05/09/2006|22:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[01/09/2006|02:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/09/2006|13:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[19/09/2006|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/05/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/01/2007|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/11/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[14/11/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[07/03/2007|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chin meal burn bits
[05/09/2006|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/12/2008|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/09/2006|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/11/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[05/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[21/06/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12/12/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/06/2008|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[04/12/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[12/11/2008|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rionix
[19/04/2007|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[23/08/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[17/11/2008|15:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[03/12/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[05/12/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[23/08/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[25/10/2007|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/09/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/11/2006|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/06/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[14/10/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[04/12/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[19/09/2006|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[05/09/2006|22:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[01/09/2006|02:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/09/2006|05:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/09/2006|13:31] C:\DOCUME~1\LEEROY~1\APPLIC~1\Adobe
[05/01/2007|21:10] C:\DOCUME~1\LEEROY~1\APPLIC~1\AdobeUM
[27/01/2007|18:08] C:\DOCUME~1\LEEROY~1\APPLIC~1\Apple Computer
[19/09/2006|05:20] C:\DOCUME~1\LEEROY~1\APPLIC~1\ATI
[04/12/2008|14:41] C:\DOCUME~1\LEEROY~1\APPLIC~1\AVG7
[14/11/2007|18:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\AVS4YOU
[21/09/2006|19:06] C:\DOCUME~1\LEEROY~1\APPLIC~1\BitTorrent
[05/09/2006|22:37] C:\DOCUME~1\LEEROY~1\APPLIC~1\CyberLink
[20/12/2006|19:33] C:\DOCUME~1\LEEROY~1\APPLIC~1\DivX
[14/10/2006|15:13] C:\DOCUME~1\LEEROY~1\APPLIC~1\Google
[01/10/2006|14:27] C:\DOCUME~1\LEEROY~1\APPLIC~1\Identities
[21/06/2008|17:21] C:\DOCUME~1\LEEROY~1\APPLIC~1\InstallShield
[06/11/2007|16:31] C:\DOCUME~1\LEEROY~1\APPLIC~1\Macromedia
[05/12/2008|13:27] C:\DOCUME~1\LEEROY~1\APPLIC~1\Malwarebytes
[11/12/2008|14:42] C:\DOCUME~1\LEEROY~1\APPLIC~1\Microsoft
[19/09/2006|14:15] C:\DOCUME~1\LEEROY~1\APPLIC~1\Motive
[24/11/2008|15:16] C:\DOCUME~1\LEEROY~1\APPLIC~1\Nero
[25/04/2008|08:42] C:\DOCUME~1\LEEROY~1\APPLIC~1\Real
[03/12/2007|18:24] C:\DOCUME~1\LEEROY~1\APPLIC~1\SecuROM
[19/04/2007|19:33] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sony Corporation
[23/08/2007|17:12] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sony Ericsson
[05/08/2008|21:45] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sports Interactive
[24/11/2006|01:07] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sun
[05/12/2008|12:09] C:\DOCUME~1\LEEROY~1\APPLIC~1\SUPERAntiSpyware.com
[19/09/2006|14:58] C:\DOCUME~1\LEEROY~1\APPLIC~1\TeamViewer
[23/08/2007|17:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\Teleca
[08/12/2008|16:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\uTorrent
[15/11/2007|19:25] C:\DOCUME~1\LEEROY~1\APPLIC~1\Vso
[04/12/2008|21:38] C:\DOCUME~1\LEEROY~1\APPLIC~1\Yahoo!

[06/04/2008|17:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[13/11/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[01/03/2007|21:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[19/09/2006|13:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/11/2007|20:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[13/12/2008 09:00][--ah-----] C:\WINDOWS\tasks\A225F1C591126F4D.job
[05/12/2008 13:58][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13/12/2008 09:18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A225F1C591126F4D.job )=( c:\docume~1\leeroy~1\applic~1\deadca~1\ProxyEggsAdmin.exe )

--------------------\\ Listing Folders in C:\Program Files

[12/11/2008|19:21] C:\Program Files\Action Ball 2
[19/09/2006|13:30] C:\Program Files\Adobe
[24/11/2008|11:35] C:\Program Files\Ahead
[19/09/2006|05:06] C:\Program Files\Analog Devices
[12/05/2008|20:30] C:\Program Files\Apple Software Update
[26/12/2006|16:02] C:\Program Files\ATI Technologies
[30/10/2006|16:17] C:\Program Files\BT Broadband
[12/07/2008|15:37] C:\Program Files\BT Broadband Desktop Help
[21/06/2008|18:04] C:\Program Files\BT Broadband Talk Softphone
[21/06/2008|18:03] C:\Program Files\btbb_wcm
[21/06/2008|18:02] C:\Program Files\BTHomeHub
[05/12/2008|12:08] C:\Program Files\Common Files
[01/09/2006|02:10] C:\Program Files\ComPlus Applications
[01/09/2006|02:43] C:\Program Files\CyberLink
[12/11/2008|16:15] C:\Program Files\DivX
[19/09/2006|14:57] C:\Program Files\DynGate
[21/06/2008|17:21] C:\Program Files\Edimax
[03/12/2007|18:04] C:\Program Files\Electronic Arts
[13/12/2008|09:10] C:\Program Files\ERUNT
[03/12/2007|18:20] C:\Program Files\GameSpy
[04/12/2008|21:15] C:\Program Files\Google
[01/03/2007|21:55] C:\Program Files\Grisoft
[19/09/2006|17:26] C:\Program Files\Guild Wars
[18/11/2008|21:52] C:\Program Files\InstallShield Installation Information
[19/09/2006|04:39] C:\Program Files\Intel
[12/12/2008|18:44] C:\Program Files\Internet Explorer
[18/07/2008|17:52] C:\Program Files\Java
[05/12/2008|13:27] C:\Program Files\Malwarebytes' Anti-Malware
[18/09/2008|11:26] C:\Program Files\Messenger
[11/06/2008|22:51] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/09/2006|02:12] C:\Program Files\microsoft frontpage
[21/06/2008|19:25] C:\Program Files\Microsoft Office
[21/06/2008|19:25] C:\Program Files\Microsoft Visual Studio
[21/06/2008|19:25] C:\Program Files\Microsoft Works
[26/12/2007|14:49] C:\Program Files\Microsoft Xbox 360 Accessories
[21/06/2008|19:24] C:\Program Files\Microsoft.NET
[21/06/2008|18:03] C:\Program Files\Motive
[18/09/2008|11:22] C:\Program Files\Movie Maker
[21/06/2008|19:25] C:\Program Files\MSBuild
[01/09/2006|02:09] C:\Program Files\MSN
[01/09/2006|02:09] C:\Program Files\MSN Gaming Zone
[24/08/2007|16:52] C:\Program Files\MSXML 4.0
[04/12/2008|13:36] C:\Program Files\Nero
[18/09/2008|11:20] C:\Program Files\NetMeeting
[01/09/2006|02:09] C:\Program Files\Online Services
[18/09/2008|11:20] C:\Program Files\Outlook Express
[12/05/2008|20:31] C:\Program Files\QuickTime
[19/09/2006|14:34] C:\Program Files\Real
[06/12/2008|11:08] C:\Program Files\Saga
[17/03/2008|20:26] C:\Program Files\Smart FLV Converter
[19/04/2007|19:26] C:\Program Files\Sony
[19/04/2007|19:26] C:\Program Files\Sony Corporation
[23/08/2007|17:08] C:\Program Files\Sony Ericsson
[17/11/2008|14:33] C:\Program Files\Sports Interactive
[04/12/2008|22:41] C:\Program Files\Spybot - Search & Destroy
[05/12/2008|12:09] C:\Program Files\SUPERAntiSpyware
[05/12/2008|14:40] C:\Program Files\trend micro
[01/09/2006|02:14] C:\Program Files\Uninstall Information
[16/06/2008|18:44] C:\Program Files\uTorrent
[11/06/2008|09:42] C:\Program Files\Windows Live
[25/11/2006|02:12] C:\Program Files\Windows Media Connect 2
[18/09/2008|11:20] C:\Program Files\Windows Media Player
[18/09/2008|11:20] C:\Program Files\Windows NT
[01/09/2006|02:10] C:\Program Files\WindowsUpdate
[09/02/2007|17:01] C:\Program Files\WinRAR
[01/09/2006|02:12] C:\Program Files\xerox
[21/06/2008|18:05] C:\Program Files\Yahoo!
[04/12/2008|21:42] C:\Program Files\Yahoo! Anti-Spy
[25/07/2008|10:29] C:\Program Files\Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/01/2007|21:10] C:\Program Files\Common Files\Adobe
[19/09/2006|05:18] C:\Program Files\Common Files\ATI Technologies
[17/03/2008|20:26] C:\Program Files\Common Files\AVSMedia
[21/06/2008|19:25] C:\Program Files\Common Files\DESIGNER
[20/10/2006|17:39] C:\Program Files\Common Files\InstallShield
[29/09/2006|19:20] C:\Program Files\Common Files\Java
[24/08/2008|21:36] C:\Program Files\Common Files\Microsoft Shared
[21/06/2008|18:03] C:\Program Files\Common Files\Motive
[01/09/2006|02:10] C:\Program Files\Common Files\MSSoap
[04/12/2008|13:48] C:\Program Files\Common Files\Nero
[31/08/2006|19:06] C:\Program Files\Common Files\ODBC
[16/06/2008|09:07] C:\Program Files\Common Files\Real
[04/12/2008|21:42] C:\Program Files\Common Files\Scanner
[01/09/2006|02:10] C:\Program Files\Common Files\Services
[23/08/2007|17:08] C:\Program Files\Common Files\Sony Ericsson Shared
[19/04/2007|19:26] C:\Program Files\Common Files\Sony Shared
[31/08/2006|19:06] C:\Program Files\Common Files\SpeechEngines
[18/09/2008|11:20] C:\Program Files\Common Files\System
[23/08/2007|17:08] C:\Program Files\Common Files\Teleca Shared
[11/06/2008|09:41] C:\Program Files\Common Files\WindowsLiveInstaller
[05/12/2008|12:08] C:\Program Files\Common Files\Wise Installation Wizard
[16/06/2008|09:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 26 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\WINDOWS\Tasks\A225F1C591126F4D.job

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 09:38:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\LEEROY~1\Favorites\PSP Hacks ˙ Hacks, PSP Downloads, Cracks, Mods, Homebrew, Utilities ˙ Hack Sony Play Station Portable.url
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\AVS Video Tools 5.1Full + crack 100%.rar
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r00
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r01
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r02
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r03
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r04
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r05
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r06
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r07
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r08
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r09
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r10
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.rar
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.sfv
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (2).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (3).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (4).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch.lnk


[F:1][D:1]-> C:\DOCUME~1\LEEROY~1\LOCALS~1\Temp
[F:24][D:0]-> C:\DOCUME~1\LEEROY~1\Cookies
[F:912][D:17]-> C:\DOCUME~1\LEEROY~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/12/2008| 9:39 - Option : [1]

--------------------\\ Scan completed at 9:39:03




#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:11:43 PM

Posted 13 December 2008 - 05:44 AM

Hello.

You didn't :thumbsup: ? Virtumonde creates popups.

You seem to have some cracks and keygens on your machine. Lop S&D will delete them because the Lop infection usually comes with them.

Disable your protection before continuing.

Run Lop S&D Option 2
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 2 followed by Enter to select option "2 - Fix + Hosts".
  • When the scan is finished, a report (C:\lopR.txt) will be generated; post the contents of it in your next reply.
Run this fix with OTScanIt:
[Custom Items]
:files
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chin meal burn bits\
:end

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the Lop S&D log
-the OTScanIt fix log. You may run out of attachment space. If so, go to your Control Panel to remove your previous attachments to make room for new ones.
-a new OTScanIt scan log
-a new HijackThis log

With Regards,
The Panda

#9 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:43 AM

Posted 14 December 2008 - 06:08 AM

I don't think my AVG turns off properly. I went to the link for help, but I have AVG Free edition, and when I click on the AVG symbol to turn it off it just takes me to a website to buy the full version. That's it, any ideas?

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.40GHz )
BIOS : BIOS Date: 07/12/06 00:28:03 Ver: 08.00.10
USER : Leeroy Reid ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:90 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:2 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 14/12/2008|11:04 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\WINDOWS\Tasks\A225F1C591126F4D.job
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[19/09/2006|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[05/09/2006|22:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[01/09/2006|02:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/09/2006|13:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[19/09/2006|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/05/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/01/2007|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/11/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[14/11/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[07/03/2007|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chin meal burn bits
[05/09/2006|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/12/2008|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/09/2006|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/11/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[05/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[21/06/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12/12/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/06/2008|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[04/12/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[12/11/2008|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rionix
[19/04/2007|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[23/08/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[17/11/2008|15:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[03/12/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[05/12/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[23/08/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[25/10/2007|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/09/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/11/2006|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/06/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[14/10/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[04/12/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[19/09/2006|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[05/09/2006|22:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[01/09/2006|02:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/09/2006|05:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/09/2006|13:31] C:\DOCUME~1\LEEROY~1\APPLIC~1\Adobe
[05/01/2007|21:10] C:\DOCUME~1\LEEROY~1\APPLIC~1\AdobeUM
[27/01/2007|18:08] C:\DOCUME~1\LEEROY~1\APPLIC~1\Apple Computer
[19/09/2006|05:20] C:\DOCUME~1\LEEROY~1\APPLIC~1\ATI
[04/12/2008|14:41] C:\DOCUME~1\LEEROY~1\APPLIC~1\AVG7
[14/11/2007|18:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\AVS4YOU
[21/09/2006|19:06] C:\DOCUME~1\LEEROY~1\APPLIC~1\BitTorrent
[05/09/2006|22:37] C:\DOCUME~1\LEEROY~1\APPLIC~1\CyberLink
[20/12/2006|19:33] C:\DOCUME~1\LEEROY~1\APPLIC~1\DivX
[14/10/2006|15:13] C:\DOCUME~1\LEEROY~1\APPLIC~1\Google
[01/10/2006|14:27] C:\DOCUME~1\LEEROY~1\APPLIC~1\Identities
[21/06/2008|17:21] C:\DOCUME~1\LEEROY~1\APPLIC~1\InstallShield
[06/11/2007|16:31] C:\DOCUME~1\LEEROY~1\APPLIC~1\Macromedia
[05/12/2008|13:27] C:\DOCUME~1\LEEROY~1\APPLIC~1\Malwarebytes
[11/12/2008|14:42] C:\DOCUME~1\LEEROY~1\APPLIC~1\Microsoft
[19/09/2006|14:15] C:\DOCUME~1\LEEROY~1\APPLIC~1\Motive
[24/11/2008|15:16] C:\DOCUME~1\LEEROY~1\APPLIC~1\Nero
[25/04/2008|08:42] C:\DOCUME~1\LEEROY~1\APPLIC~1\Real
[03/12/2007|18:24] C:\DOCUME~1\LEEROY~1\APPLIC~1\SecuROM
[19/04/2007|19:33] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sony Corporation
[23/08/2007|17:12] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sony Ericsson
[05/08/2008|21:45] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sports Interactive
[24/11/2006|01:07] C:\DOCUME~1\LEEROY~1\APPLIC~1\Sun
[05/12/2008|12:09] C:\DOCUME~1\LEEROY~1\APPLIC~1\SUPERAntiSpyware.com
[19/09/2006|14:58] C:\DOCUME~1\LEEROY~1\APPLIC~1\TeamViewer
[23/08/2007|17:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\Teleca
[08/12/2008|16:19] C:\DOCUME~1\LEEROY~1\APPLIC~1\uTorrent
[15/11/2007|19:25] C:\DOCUME~1\LEEROY~1\APPLIC~1\Vso
[04/12/2008|21:38] C:\DOCUME~1\LEEROY~1\APPLIC~1\Yahoo!

[06/04/2008|17:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[13/11/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[01/03/2007|21:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[19/09/2006|13:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/11/2007|20:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/12/2008 13:58][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/12/2008 10:51][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/11/2008|19:21] C:\Program Files\Action Ball 2
[19/09/2006|13:30] C:\Program Files\Adobe
[24/11/2008|11:35] C:\Program Files\Ahead
[19/09/2006|05:06] C:\Program Files\Analog Devices
[12/05/2008|20:30] C:\Program Files\Apple Software Update
[26/12/2006|16:02] C:\Program Files\ATI Technologies
[30/10/2006|16:17] C:\Program Files\BT Broadband
[12/07/2008|15:37] C:\Program Files\BT Broadband Desktop Help
[21/06/2008|18:04] C:\Program Files\BT Broadband Talk Softphone
[21/06/2008|18:03] C:\Program Files\btbb_wcm
[21/06/2008|18:02] C:\Program Files\BTHomeHub
[05/12/2008|12:08] C:\Program Files\Common Files
[01/09/2006|02:10] C:\Program Files\ComPlus Applications
[01/09/2006|02:43] C:\Program Files\CyberLink
[12/11/2008|16:15] C:\Program Files\DivX
[19/09/2006|14:57] C:\Program Files\DynGate
[21/06/2008|17:21] C:\Program Files\Edimax
[03/12/2007|18:04] C:\Program Files\Electronic Arts
[13/12/2008|09:10] C:\Program Files\ERUNT
[03/12/2007|18:20] C:\Program Files\GameSpy
[04/12/2008|21:15] C:\Program Files\Google
[01/03/2007|21:55] C:\Program Files\Grisoft
[19/09/2006|17:26] C:\Program Files\Guild Wars
[18/11/2008|21:52] C:\Program Files\InstallShield Installation Information
[19/09/2006|04:39] C:\Program Files\Intel
[12/12/2008|18:44] C:\Program Files\Internet Explorer
[18/07/2008|17:52] C:\Program Files\Java
[05/12/2008|13:27] C:\Program Files\Malwarebytes' Anti-Malware
[18/09/2008|11:26] C:\Program Files\Messenger
[11/06/2008|22:51] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/09/2006|02:12] C:\Program Files\microsoft frontpage
[21/06/2008|19:25] C:\Program Files\Microsoft Office
[21/06/2008|19:25] C:\Program Files\Microsoft Visual Studio
[21/06/2008|19:25] C:\Program Files\Microsoft Works
[26/12/2007|14:49] C:\Program Files\Microsoft Xbox 360 Accessories
[21/06/2008|19:24] C:\Program Files\Microsoft.NET
[21/06/2008|18:03] C:\Program Files\Motive
[18/09/2008|11:22] C:\Program Files\Movie Maker
[21/06/2008|19:25] C:\Program Files\MSBuild
[01/09/2006|02:09] C:\Program Files\MSN
[01/09/2006|02:09] C:\Program Files\MSN Gaming Zone
[24/08/2007|16:52] C:\Program Files\MSXML 4.0
[04/12/2008|13:36] C:\Program Files\Nero
[18/09/2008|11:20] C:\Program Files\NetMeeting
[01/09/2006|02:09] C:\Program Files\Online Services
[18/09/2008|11:20] C:\Program Files\Outlook Express
[12/05/2008|20:31] C:\Program Files\QuickTime
[19/09/2006|14:34] C:\Program Files\Real
[06/12/2008|11:08] C:\Program Files\Saga
[17/03/2008|20:26] C:\Program Files\Smart FLV Converter
[19/04/2007|19:26] C:\Program Files\Sony
[19/04/2007|19:26] C:\Program Files\Sony Corporation
[23/08/2007|17:08] C:\Program Files\Sony Ericsson
[17/11/2008|14:33] C:\Program Files\Sports Interactive
[04/12/2008|22:41] C:\Program Files\Spybot - Search & Destroy
[05/12/2008|12:09] C:\Program Files\SUPERAntiSpyware
[05/12/2008|14:40] C:\Program Files\trend micro
[01/09/2006|02:14] C:\Program Files\Uninstall Information
[16/06/2008|18:44] C:\Program Files\uTorrent
[11/06/2008|09:42] C:\Program Files\Windows Live
[25/11/2006|02:12] C:\Program Files\Windows Media Connect 2
[18/09/2008|11:20] C:\Program Files\Windows Media Player
[18/09/2008|11:20] C:\Program Files\Windows NT
[01/09/2006|02:10] C:\Program Files\WindowsUpdate
[09/02/2007|17:01] C:\Program Files\WinRAR
[01/09/2006|02:12] C:\Program Files\xerox
[21/06/2008|18:05] C:\Program Files\Yahoo!
[04/12/2008|21:42] C:\Program Files\Yahoo! Anti-Spy
[25/07/2008|10:29] C:\Program Files\Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/01/2007|21:10] C:\Program Files\Common Files\Adobe
[19/09/2006|05:18] C:\Program Files\Common Files\ATI Technologies
[17/03/2008|20:26] C:\Program Files\Common Files\AVSMedia
[21/06/2008|19:25] C:\Program Files\Common Files\DESIGNER
[20/10/2006|17:39] C:\Program Files\Common Files\InstallShield
[29/09/2006|19:20] C:\Program Files\Common Files\Java
[24/08/2008|21:36] C:\Program Files\Common Files\Microsoft Shared
[21/06/2008|18:03] C:\Program Files\Common Files\Motive
[01/09/2006|02:10] C:\Program Files\Common Files\MSSoap
[04/12/2008|13:48] C:\Program Files\Common Files\Nero
[31/08/2006|19:06] C:\Program Files\Common Files\ODBC
[16/06/2008|09:07] C:\Program Files\Common Files\Real
[04/12/2008|21:42] C:\Program Files\Common Files\Scanner
[01/09/2006|02:10] C:\Program Files\Common Files\Services
[23/08/2007|17:08] C:\Program Files\Common Files\Sony Ericsson Shared
[19/04/2007|19:26] C:\Program Files\Common Files\Sony Shared
[31/08/2006|19:06] C:\Program Files\Common Files\SpeechEngines
[18/09/2008|11:20] C:\Program Files\Common Files\System
[23/08/2007|17:08] C:\Program Files\Common Files\Teleca Shared
[11/06/2008|09:41] C:\Program Files\Common Files\WindowsLiveInstaller
[05/12/2008|12:08] C:\Program Files\Common Files\Wise Installation Wizard
[16/06/2008|09:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 28 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\LEEROY~1\Cookies\leeroy_reid@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 11:04:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\LEEROY~1\Favorites\PSP Hacks · Hacks, PSP Downloads, Cracks, Mods, Homebrew, Utilities · Hack Sony Play Station Portable.url
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\AVS Video Tools 5.1Full + crack 100%.rar
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r00
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r01
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r02
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r03
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r04
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r05
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r06
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r07
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r08
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r09
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.r10
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.rar
C:\DOCUME~1\LEEROY~1\My Documents\Downloads\FOOTBALL_MANAGER_2009-\CRACK\fm2009-crack&patch.sfv
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (2).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (3).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch (4).lnk
C:\DOCUME~1\LEEROY~1\Recent\fm2009-crack&patch.lnk


[F:5][D:1]-> C:\DOCUME~1\LEEROY~1\LOCALS~1\Temp
[F:58][D:0]-> C:\DOCUME~1\LEEROY~1\Cookies
[F:2855][D:17]-> C:\DOCUME~1\LEEROY~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/12/2008| 9:39 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 14/12/2008|11:05 - Option : [2]

--------------------\\ Scan completed at 11:05:55

Edited by RoysterV1, 14 December 2008 - 07:29 AM.


#10 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:43 AM

Posted 14 December 2008 - 06:14 AM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Leeroy Reid at 2008-12-14 13:57:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (30%) free of 305 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:39, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leeroy Reid\Desktop\RSIT.exe
C:\Program Files\trend micro\Leeroy Reid.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.google.co.uk
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 3621 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

C:\Documents and Settings\Leeroy Reid\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe"="C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe:*:Disabled:TeamViewer"
"C:\Program Files\DynGate\DynGate.exe"="C:\Program Files\DynGate\DynGate.exe:*:Enabled:DynGate Router"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-14 12:21:18 ----D---- C:\WINDOWS\pss
2008-12-13 09:37:07 ----A---- C:\lopR.txt
2008-12-13 09:35:49 ----D---- C:\Lop SD
2008-12-13 09:13:09 ----D---- C:\_OTScanIt
2008-12-13 09:11:34 ----D---- C:\WINDOWS\ERDNT
2008-12-13 09:10:09 ----D---- C:\Program Files\ERUNT
2008-12-12 18:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 18:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 18:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 10:15:21 ----A---- C:\WINDOWS\gmer.ini
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer.exe
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer.dll
2008-12-05 14:40:27 ----D---- C:\Program Files\trend micro
2008-12-05 14:40:24 ----D---- C:\rsit
2008-12-05 13:27:07 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Malwarebytes
2008-12-05 13:27:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 13:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 12:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-05 12:09:40 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-05 12:09:40 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\SUPERAntiSpyware.com
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-04 21:42:12 ----D---- C:\Program Files\Common Files\Scanner
2008-12-04 21:42:07 ----D---- C:\Program Files\Yahoo! Anti-Spy
2008-12-04 21:38:33 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Yahoo!
2008-12-03 22:58:58 ----A---- C:\WINDOWS\system32\2763d1b8-.txt
2008-11-24 15:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-11-24 15:15:48 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Nero
2008-11-24 15:03:29 ----A---- C:\WINDOWS\Irremote.ini
2008-11-24 14:50:32 ----D---- C:\Program Files\Nero
2008-11-24 14:50:05 ----D---- C:\Program Files\Common Files\Nero
2008-11-24 14:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-23 11:53:39 ----D---- C:\Program Files\Saga
2008-11-17 14:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-17 14:55:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-17 14:55:10 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-17 14:55:06 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-17 14:55:02 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-17 14:55:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-17 14:54:20 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2008-12-14 13:57:36 ----D---- C:\WINDOWS\Prefetch
2008-12-14 12:21:18 ----D---- C:\WINDOWS
2008-12-14 11:05:29 ----D---- C:\WINDOWS\Temp
2008-12-14 11:04:02 ----SD---- C:\WINDOWS\Tasks
2008-12-14 10:51:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 10:51:29 ----D---- C:\WINDOWS\Registration
2008-12-13 10:16:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 09:15:50 ----D---- C:\WINDOWS\system32
2008-12-13 09:10:09 ----RD---- C:\Program Files
2008-12-12 18:45:41 ----SHD---- C:\WINDOWS\Installer
2008-12-12 18:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-12 18:45:05 ----HD---- C:\WINDOWS\inf
2008-12-12 18:44:58 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 18:44:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 18:44:52 ----D---- C:\Program Files\Internet Explorer
2008-12-12 18:44:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 10:15:20 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 14:42:02 ----SD---- C:\Documents and Settings\Leeroy Reid\Application Data\Microsoft
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 16:19:43 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\uTorrent
2008-12-07 10:55:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 13:50:58 ----D---- C:\WINDOWS\Minidump
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files
2008-12-04 22:41:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-04 21:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-04 21:40:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 21:15:34 ----D---- C:\Program Files\Google
2008-12-04 21:15:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-04 15:22:20 ----RHD---- C:\$VAULT$.AVG
2008-12-04 14:41:43 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\AVG7
2008-12-04 11:09:30 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 22:53:33 ----D---- C:\temp
2008-11-24 15:55:08 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-24 11:35:49 ----D---- C:\Program Files\Ahead
2008-11-24 11:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-11-18 21:52:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 14:55:20 ----D---- C:\WINDOWS\system32\DirectX
2008-11-17 14:33:25 ----D---- C:\Program Files\Sports Interactive

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-01 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-01 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-12 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-21 21419]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-01 4960]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2006-09-06 168832]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-15 47360]
R3 rt2870;802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-09 162944]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S3 w550bus;Sony Ericsson W550 driver (WDM); C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 60928]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 8336]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 96672]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 88080]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2004-10-29 53337]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-23 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-01 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2004-10-29 69718]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------



Edited by RoysterV1, 14 December 2008 - 08:58 AM.
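A small triage helper for the driver and service lists in these RSIT logs, added here as a worked example; it is not part of the original thread and not RSIT's own code. It parses lines of the form `R1 name;display name; path [date size]`, flags any binary that lives in a temp directory and any entry for which RSIT recorded no file date or size (an empty `[]`, which covers both a missing file and a `\??\` path RSIT did not resolve), and notes when such an entry is set to auto-start. The NMSAccessU service in the log above trips all three; the HijackThis O23 line later in the thread reports the same file as missing. The suspicious-directory list and the wording of the findings are this example's own assumptions; the five sample lines are copied from the RSIT output above.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Shape of one RSIT driver/service line, exactly as in the log above:
#   <state><start> <name>;<display name>; <path> [<date> <size>]
# state: R=Running, S=Stopped; start: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
# An empty "[]" means RSIT recorded no date/size for the binary.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories an installed service has no business running from.
# Constructed for this example; not a list RSIT itself applies.
SUSPICIOUS_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]
    findings: list = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one RSIT driver/service line; return None for lines of another shape."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_date=meta[0] if meta else None,
        file_size=int(meta[1]) if len(meta) > 1 else None,
    )


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach plain-text findings a responder would want to verify by hand."""
    lowered = entry.path.lower()
    if any(d in lowered for d in SUSPICIOUS_DIRS):
        entry.findings.append("binary lives in a temp directory")
    if entry.file_date is None:
        entry.findings.append("no file date/size recorded (missing or unresolved path)")
    # Only worth saying for an entry that already looks wrong: an auto-start
    # service (start type 2) comes back on every boot.
    if entry.start == 2 and entry.findings:
        entry.findings.append("auto-start: would survive a reboot")
    return entry


def triage_log(text: str) -> dict:
    """Return {service name: [findings]} for every parsable line that raised a finding."""
    out = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.findings:
            out[entry.name] = entry.findings
    return out


# Five lines copied verbatim from the RSIT output in this thread.
SAMPLE_LOG = r"""
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-12 85969]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
"""

if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run it against a saved RSIT log by passing the file's text to `triage_log`. The "no file date/size" rule is deliberately noisy: the SUPERAntiSpyware drivers are listed with `\??\` paths and an empty `[]` even though they are present, so treat that finding as a prompt to check the path on disk rather than as a verdict.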


#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 14 December 2008 - 06:56 AM

Hello.

Please continue with running Kaspersky, and taking a new scan log with OTScanIt and HijackThis.

I probably can't reply again until tomorrow.

With Regards,
The Panda

#12 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts

Posted 14 December 2008 - 09:00 AM

I tried a Kaspersky scan; it gets to 55% in about 30 minutes but then stays on 55% for about 1 hour and 30 minutes, so I did the other scans first. I will now try Kaspersky and see if it'll actually finish the scan.

I tried it again and my computer crashed after 2 hours of scanning; once again it really slowed once it got to 55%. Do you really need this scan? If so, I'll try again.

Edited by RoysterV1, 14 December 2008 - 11:10 AM.


#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 14 December 2008 - 08:26 PM

No, it's not really needed.

OTScanIt log looks good.

AVG7 is outdated. I would advise uninstalling it and installing a new one. After installing, update the database, run a full system scan and remove any items found.

Post back a new HijackThis log after.

With Regards,
The Panda

#14 RoysterV1

RoysterV1
  • Topic Starter

  • Members
  • 11 posts

Posted 15 December 2008 - 08:24 AM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Leeroy Reid at 2008-12-15 13:22:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (31%) free of 305 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:58, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Leeroy Reid\Desktop\RSIT.exe
C:\Program Files\trend micro\Leeroy Reid.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.google.co.uk
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 3691 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-15 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-15 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

C:\Documents and Settings\Leeroy Reid\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe"="C:\Documents and Settings\Leeroy Reid\temp\TeamViewer\TeamViewer.exe:*:Disabled:TeamViewer"
"C:\Program Files\DynGate\DynGate.exe"="C:\Program Files\DynGate\DynGate.exe:*:Enabled:DynGate Router"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-15 12:21:38 ----HD---- C:\$AVG8.VAULT$
2008-12-15 11:41:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 11:40:54 ----D---- C:\Program Files\AVG
2008-12-15 11:40:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-14 12:21:18 ----D---- C:\WINDOWS\pss
2008-12-13 09:37:07 ----A---- C:\lopR.txt
2008-12-13 09:35:49 ----D---- C:\Lop SD
2008-12-13 09:13:09 ----D---- C:\_OTScanIt
2008-12-13 09:11:34 ----D---- C:\WINDOWS\ERDNT
2008-12-13 09:10:09 ----D---- C:\Program Files\ERUNT
2008-12-12 18:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 18:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 18:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 10:15:21 ----A---- C:\WINDOWS\gmer.ini
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer.exe
2008-12-12 10:15:20 ----A---- C:\WINDOWS\gmer.dll
2008-12-05 14:40:27 ----D---- C:\Program Files\trend micro
2008-12-05 14:40:24 ----D---- C:\rsit
2008-12-05 13:27:07 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Malwarebytes
2008-12-05 13:27:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 13:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 12:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-05 12:09:40 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-05 12:09:40 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\SUPERAntiSpyware.com
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-04 21:42:12 ----D---- C:\Program Files\Common Files\Scanner
2008-12-04 21:42:07 ----D---- C:\Program Files\Yahoo! Anti-Spy
2008-12-04 21:38:33 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Yahoo!
2008-12-03 22:58:58 ----A---- C:\WINDOWS\system32\2763d1b8-.txt
2008-11-24 15:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-11-24 15:15:48 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\Nero
2008-11-24 15:03:29 ----A---- C:\WINDOWS\Irremote.ini
2008-11-24 14:50:32 ----D---- C:\Program Files\Nero
2008-11-24 14:50:05 ----D---- C:\Program Files\Common Files\Nero
2008-11-24 14:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-23 11:53:39 ----D---- C:\Program Files\Saga
2008-11-17 14:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-17 14:55:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-17 14:55:17 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-17 14:55:16 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-17 14:55:15 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-17 14:55:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-17 14:55:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-17 14:55:12 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-17 14:55:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-17 14:55:10 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-17 14:55:08 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-17 14:55:06 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-17 14:55:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-17 14:55:02 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-17 14:55:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-17 14:54:20 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2008-12-15 13:22:55 ----D---- C:\WINDOWS\Temp
2008-12-15 11:50:13 ----D---- C:\WINDOWS\Prefetch
2008-12-15 11:45:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-15 11:45:25 ----D---- C:\WINDOWS\Registration
2008-12-15 11:44:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 11:41:11 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 11:41:06 ----D---- C:\WINDOWS\system32
2008-12-15 11:40:54 ----RD---- C:\Program Files
2008-12-15 11:40:36 ----SHD---- C:\WINDOWS\Installer
2008-12-15 11:38:23 ----D---- C:\WINDOWS
2008-12-15 11:21:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 16:13:15 ----D---- C:\Documents and Settings\Leeroy Reid\Application Data\uTorrent
2008-12-14 16:04:54 ----D---- C:\WINDOWS\Minidump
2008-12-14 11:04:02 ----SD---- C:\WINDOWS\Tasks
2008-12-12 18:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-12 18:45:05 ----HD---- C:\WINDOWS\inf
2008-12-12 18:44:58 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 18:44:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 18:44:52 ----D---- C:\Program Files\Internet Explorer
2008-12-12 18:44:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 14:42:02 ----SD---- C:\Documents and Settings\Leeroy Reid\Application Data\Microsoft
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 10:55:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 12:08:26 ----D---- C:\Program Files\Common Files
2008-12-04 21:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-04 21:40:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 21:15:34 ----D---- C:\Program Files\Google
2008-12-04 21:15:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-04 11:09:30 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 22:53:33 ----D---- C:\temp
2008-11-24 15:55:08 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-24 11:35:49 ----D---- C:\Program Files\Ahead
2008-11-18 21:52:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 14:55:20 ----D---- C:\WINDOWS\system32\DirectX
2008-11-17 14:33:25 ----D---- C:\Program Files\Sports Interactive

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-15 26824]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-12 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-21 21419]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2006-09-06 168832]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-15 47360]
R3 rt2870;802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-09 162944]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S3 w550bus;Sony Ericsson W550 driver (WDM); C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 60928]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 8336]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 96672]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 88080]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2004-10-29 53337]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2004-10-29 69718]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
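The driver and service listing above is what a helper reads by eye: the start type, the binary's path, and the trailing `[date size]` stamp. As an added example, not part of the original log or of RSIT, here is a small Python triage script that parses lines in that format and flags the entries a responder would want to look at first: those with an empty `[]` stamp (RSIT recorded no date or size, so the file is missing or the path could not be resolved), those whose binary lives under a user profile or Temp directory, and those sitting in a GUID-named folder. A flag is a prompt for a manual check, not a verdict; legitimate software does sometimes hit these heuristics. The sample lines are copied from the listing above and embedded as constructed input so the script runs offline.

```python
"""Triage helper for an RSIT-style driver/service listing (added example)."""
import re

# Constructed sample: a few lines copied from the listing above, plus the
# header lines RSIT prints, to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-12 85969]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\Leeroy Reid\Local Settings\Temp\{435AF8AE-C245-4956-88D4-CDF0DBCD8A4A}\NMSAccessU.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

# One entry: "<R|S><start> <name>;<description>; <path> [<date size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Directories a service or driver binary normally has no business living in.
# Most specific first; compared against the lower-cased path.
SUSPECT_DIRS = (
    "\\local settings\\temp\\",
    "\\temp\\",
    "\\application data\\",
    "\\documents and settings\\",   # any user profile on XP
)

# A folder named like {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.IGNORECASE
)


def parse_log(text):
    """Yield one dict per driver/service line; headers and blanks are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        path = entry["path"]
        if path.startswith("\\??\\"):   # NT object-manager prefix; drop it for matching
            path = path[4:]
        entry["path"] = path
        yield entry


def triage(text):
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for e in parse_log(text):
        reasons = []
        low = e["path"].lower()
        if not e["meta"].strip():
            reasons.append("no timestamp/size recorded: file missing or path not resolvable")
        for d in SUSPECT_DIRS:
            if d in low:
                reasons.append("binary under user-writable location (%s)" % d.strip("\\"))
                break
        if GUID_DIR_RE.search(e["path"]):
            reasons.append("binary in a GUID-named directory")
        if reasons:
            # Boot/System/Auto start types matter more: they run without user action.
            if e["start"] in ("0", "1", "2"):
                reasons.append("starts automatically (start type %s)" % e["start"])
            findings.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s  %s" % (f["name"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Run it against a saved RSIT log by replacing `SAMPLE_LOG` with the file's contents. On the sample, `BthServ`, `WudfSvc` and `gmer` pass cleanly, while the entries with an empty `[]` stamp and the one started from a Temp folder are listed with their reasons; the empty-stamp hits under `\??\` paths are a known quirk of how RSIT prints some driver paths, which is exactly why the script reports reasons rather than a verdict.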

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:43 PM

Posted 15 December 2008 - 09:01 PM

Hello.

Looks good. If it's good on your side too, then we can wrap up.

Run Cleanup with OTScanIt
This will remove all the tools we used.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Click the CleanUp button.
  • Restart if prompted.
Remove ERUNT Backups
You should remove all the backups that ERUNT has made. Those backups may contain old registry keys, possibly those created by malware.

Delete everything under:
C:\WINDOWS\erdnt\

ERUNT will automatically remove backups older than 30 days, so there is no need to clear that folder manually in the future.

It is a good idea to have ERUNT installed, even when you are not infected. Tasks like installing programs and changing settings, which involve working with the registry, can cause problems that can be quickly undone by reverting to a backup. However, if you wish to uninstall the program, do so using Add/Remove Programs.

Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but it can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article here about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda
