Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Virtumonde/Virtun-Gen


  • This topic is locked This topic is locked
15 replies to this topic

#1 PetePA8820

PetePA8820

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 05 December 2008 - 04:35 PM

Spyware Doctor and Sophos keep finding versions of these on my machine and try to remove them, but they never seem to go away. I keep getting randon popups and system performance has become terrible. Here are the logs. Thanks in advance for the help !!!

info.txt logfile of random's system information tool 1.04 2008-12-05 16:20:42

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon EOS-1Ds Mark II WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 3.0-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities WFT-E1/E2 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Crew Scheduling-->C:\PROGRA~1\CREWSC~1\UNWISE.EXE C:\PROGRA~1\CREWSC~1\INSTALL.LOG
Diamond Mind Baseball version 9-->C:\dmb9\UNWISE.EXE C:\dmb9\INSTALL.LOG
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
eRouteServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEFAD849-69EC-4134-810B-4652ECE21DAB}\setup.exe" -l0x9
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FortiClient-->MsiExec.exe /I{C2FAE67B-9C91-4C88-91C6-37E4D5F50FE9}
Glance 2.3-->"C:\Program Files\Glance23\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GroupWise Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FC0833E-073C-4D5D-A046-74BC32358CB3}\Setup.exe" UNINSTALL
GroupWise-->MsiExec.exe /I{B8468DEE-E275-440D-BDCA-B6BC9478DD56}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800)-->"C:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internet Sweeper-->C:\WINDOWS\SYSTEM32\SWEEPER.EXE /U
James Habel Software BallStat 10.12.16-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\BallStat\Deploy.log"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_e92f677\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LinkPoint for salesforce.com (Novell GroupWise Edition)-->MsiExec.exe /I{9B016BB1-1A30-4CDB-B439-8CB84281A37E}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MVision-->MsiExec.exe /I{5FE1E412-D114-46E8-A891-5BE087B256A5}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
netbrdg-->MsiExec.exe /I{11511E0E-B847-46CD-81EF-1A8C488A042C}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
North American Railroad Map v 3.00 Demo-->"C:\Railroad Map 3 Demo\unins000.exe"
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PTV eLocateServer 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{253D8F9E-01DD-4CD0-B5F5-3DAD11EBF1E6}\Setup.exe" -l0x9
PTV eMapServer 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8438536-490F-442F-B4E8-E943F2BC7267}\Setup.exe" -l0x9
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Quintiq Application Suite 4.0.0.14 30853-->C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\UNWISE.EXE C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\INSTALL.LOG
Quintiq Application Suite 4.0.0.8 SP2-->C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\UNWISE.EXE C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\INSTALL.LOG
Quintiq Application Suite 4.0.0.8-->C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\UNWISE.EXE C:\PROGRA~1\Quintiq\UNINST~1\APPLIC~1\INSTALL.LOG
Quintiq Application Suite 4.1.0.9-->C:\PROGRA~1\Quintiq4.1\UNINST~1\APPLIC~1\UNWISE.EXE C:\PROGRA~1\Quintiq4.1\UNINST~1\APPLIC~1\INSTALL.LOG
Quintiq Application Suite Documentation 4.0-->C:\PROGRA~1\Quintiq\UNINST~1\HTML\UNWISE.EXE C:\PROGRA~1\Quintiq\UNINST~1\HTML\INSTALL.LOG
Quintiq Application Suite PDF Documentation 4.0-->C:\PROGRA~1\Quintiq\UNINST~1\PDF\UNWISE.EXE C:\PROGRA~1\Quintiq\UNINST~1\PDF\INSTALL.LOG
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
salesforce.com Offline Edition 2.0-->MsiExec.exe /X{C6EA8029-DF3F-4752-AC37-A88455F82000}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Sophos Remote Management System-->MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TreeSize 1.75-->"C:\Program Files\JAM Software\TreeSize\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908521)-->"C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB916846)-->"C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wellnomics WorkPace 3.3.0-->"C:\PROGRA~1\WELLNO~1\UNINST~1.EXE" C:\PROGRA~1\WELLNO~1\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZENworks Asset Management - Client Apps-->C:\Program Files\Novell\ZENworks\Asset Management\bin\_TSCUninst.exe

======Security center information======

AV: Sophos Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GIS\Tools;C:\Program Files\Common Files\GIS\Geocoder;C:\Program Files\Common Files\MapServ;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by pete at 2008-12-05 16:19:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (37%) free of 57 GB
Total RAM: 1022 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:30 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fortinet\FortiClient\scheduler.exe
C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fortinet\FortiClient\FortiTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wellnomics WorkPace\workpace.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\SWEEPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LinkPoint360\LinkPointAssist.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Glance23\Glance.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Novell\GroupWise\grpwise.exe
C:\Novell\GroupWise\GWSync.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pete\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\pete.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.quintiq.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.quintiq.nl:80
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {48d2da9e-ae92-40b5-987a-6ba42516651b} - C:\WINDOWS\system32\lekegafu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Wellnomics WorkPace 3.3.0] "C:\Program Files\Wellnomics WorkPace\workpace.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [rulikelifu] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s
O4 - HKLM\..\Run: [a889ceee] rundll32.exe "C:\WINDOWS\system32\yerofata.dll",b
O4 - HKLM\..\Run: [CPMabbafd72] Rundll32.exe "c:\windows\system32\lipegamu.dll",a
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LinkPointAssist] "C:\Program Files\LinkPoint360\LinkPointAssist.exe" /minimize
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [rulikelifu] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rulikelifu] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Glance.lnk = C:\Program Files\Glance23\Glance.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209328099843
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quintiq.nl
O17 - HKLM\Software\..\Telephony: DomainName = quintiq.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quintiq.nl
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\WINDOWS\system32\zumidiba.dll c:\windows\system32\topipega.dll c:\windows\system32\lipegamu.dll c:\windows\system32\dodedeva.dll c:\windows\system32\lodikolu.dll C:\WINDOWS\system32\gesopepo.dll c:\windows\system32\lodivime.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lodikolu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lodikolu.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Program Files\Fortinet\FortiClient\scheduler.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 17142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Daily scheduled scan.job
C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job
C:\WINDOWS\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2008-11-19 240696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48d2da9e-ae92-40b5-987a-6ba42516651b}]
C:\WINDOWS\system32\lekegafu.dll [2008-09-05 64200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-02 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-02 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2006-01-19 73728]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"Wellnomics WorkPace 3.3.0"=C:\Program Files\Wellnomics WorkPace\workpace.exe [2006-07-04 1200640]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-06-29 269104]
"VX1000"=C:\WINDOWS\vVX1000.exe [2006-06-29 707376]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"rulikelifu"=C:\WINDOWS\system32\mozuvagi.dll [2008-09-05 64200]
"a889ceee"=C:\WINDOWS\system32\yerofata.dll [2008-12-05 87219]
"CPMabbafd72"=c:\windows\system32\dodedeva.dll [2008-12-05 94972]
"Internet Sweeper"=C:\WINDOWS\system32\SWEEPER.EXE [2002-05-05 159744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]
"LinkPointAssist"=C:\Program Files\LinkPoint360\LinkPointAssist.exe [2008-09-04 303104]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Glance.lnk - C:\Program Files\Glance23\Glance.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\WINDOWS\system32\zumidiba.dll c:\windows\system32\topipega.dll c:\windows\system32\lipegamu.dll c:\windows\system32\dodedeva.dll c:\windows\system32\lodikolu.dll C:\WINDOWS\system32\gesopepo.dll c:\windows\system32\lodivime.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lodikolu.dll [2008-12-05 94902]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lodikolu.dll [2008-12-05 94902]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\zumidiba.dll
C:\WINDOWS\system32\gesopepo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Fortinet\FortiClient\ipsec.exe"="C:\Program Files\Fortinet\FortiClient\ipsec.exe:*:Enabled:FortiClient VPN Service"
"C:\Program Files\Quintiq\Bin\server.exe"="C:\Program Files\Quintiq\Bin\server.exe:*:Enabled:Quintiq Server"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Quintiq\Bin\dbodbc.exe"="C:\Program Files\Quintiq\Bin\dbodbc.exe:*:Enabled:Quintiq ODBC Integrator"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fortinet\FortiClient\FortiProxy.exe"="C:\Program Files\Fortinet\FortiClient\FortiProxy.exe:*:Enabled:FortiProxy"
"C:\Program Files\Fortinet\FortiClient\FCMgr.exe"="C:\Program Files\Fortinet\FortiClient\FCMgr.exe:*:Enabled:FortiClientManager"
"C:\Program Files\Quintiq\Bin\server.exe"="C:\Program Files\Quintiq\Bin\server.exe:*:Enabled:Quintiq Server"
"C:\Program Files\Quintiq\Bin\TCE.exe"="C:\Program Files\Quintiq\Bin\TCE.exe:*:Enabled:ThinClientEngine"
"C:\Program Files\Quintiq\Bin\dbodbc.exe"="C:\Program Files\Quintiq\Bin\dbodbc.exe:*:Enabled:Quintiq ODBC Integrator"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Fortinet\FortiClient\ipsec.exe"="C:\Program Files\Fortinet\FortiClient\ipsec.exe:*:Enabled:FortiClient VPN Service"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Disabled:LifeExp.exe"
"C:\eRouteServer\eRouteServer.exe"="C:\eRouteServer\eRouteServer.exe:*:Enabled:PTV eServerFrame"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1"
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify"
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\pete.exe"="C:\Program Files\Yahoo!\Messenger\pete.exe:*:Enabled:pete.exe"
"C:\Program Files\Quintiq4.1\Bin\QServer_32.exe"="C:\Program Files\Quintiq4.1\Bin\QServer_32.exe:*:Enabled:Quintiq Server 32-bit"
"C:\Program Files\Quintiq4.1\Bin\QDBODBC_32.exe"="C:\Program Files\Quintiq4.1\Bin\QDBODBC_32.exe:*:Enabled:Quintiq ODBC Integrator 32-bit"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:msimn"
"C:\WINDOWS\inf\unregmp2.exe"="C:\WINDOWS\inf\unregmp2.exe:*:Enabled:unregmp2"
"C:\Program Files\Windows Media Player\wmdbexport.exe"="C:\Program Files\Windows Media Player\wmdbexport.exe:*:Enabled:wmdbexport"
"C:\WINDOWS\system32\shmgrate.exe"="C:\WINDOWS\system32\shmgrate.exe:*:Enabled:shmgrate"
"C:\Program Files\Spyware Doctor\pctsAuxs.exe"="C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac65ab1-50b4-11dc-801e-0015c5427eea}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-05 16:19:59 ----D---- C:\Program Files\trend micro
2008-12-05 16:19:52 ----D---- C:\rsit
2008-12-05 13:53:17 ----SH---- C:\WINDOWS\system32\ataforey.ini
2008-12-05 11:12:33 ----SH---- C:\WINDOWS\system32\befuhaje.dll
2008-12-05 10:49:35 ----SH---- C:\WINDOWS\system32\oguvubiz.ini
2008-12-05 10:26:53 ----SH---- C:\WINDOWS\system32\ezufatek.ini
2008-12-05 10:07:53 ----SH---- C:\WINDOWS\system32\ifijawah.ini
2008-12-05 09:39:29 ----SH---- C:\WINDOWS\system32\igimulev.ini
2008-12-04 21:24:18 ----SH---- C:\WINDOWS\system32\osaviviy.ini
2008-12-03 15:10:16 ----D---- C:\Documents and Settings\pete\Application Data\BallStat
2008-12-03 14:10:16 ----D---- C:\Program Files\BallStat
2008-12-03 14:10:16 ----A---- C:\WINDOWS\UnDeploy.exe
2008-12-03 09:34:13 ----SH---- C:\WINDOWS\system32\usebafey.ini
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 21:35:49 ----SH---- C:\WINDOWS\system32\eliyebif.ini
2008-12-02 14:08:16 ----A---- C:\WINDOWS\PaltalkScene Uninstall Log.txt
2008-12-02 09:30:03 ----SH---- C:\WINDOWS\system32\eseyanan.ini
2008-12-01 13:03:59 ----SH---- C:\WINDOWS\system32\awenamay.ini
2008-11-30 21:02:31 ----SH---- C:\WINDOWS\system32\eyuhirab.ini
2008-11-30 11:33:24 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-30 11:13:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-30 10:17:19 ----A---- C:\VundoFix.txt
2008-11-30 10:12:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-30 09:02:16 ----SH---- C:\WINDOWS\system32\inisipaz.ini
2008-11-29 16:32:09 ----SH---- C:\WINDOWS\system32\ipuweyim.ini
2008-11-26 15:33:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-26 15:33:27 ----D---- C:\Program Files\Spyware Doctor
2008-11-26 15:33:27 ----D---- C:\Documents and Settings\pete\Application Data\PC Tools
2008-11-26 15:20:50 ----SHD---- C:\Config.Msi
2008-11-26 13:03:05 ----SH---- C:\WINDOWS\system32\unibahoy.ini
2008-11-26 09:08:18 ----D---- C:\Program Files\Glance24
2008-11-20 13:40:49 ----D---- C:\Program Files\AskSearch
2008-11-20 13:40:48 ----D---- C:\Program Files\AskBarDis
2008-11-20 13:39:51 ----D---- C:\WINDOWS\PaltalkScene
2008-11-20 13:39:21 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2008-11-19 15:48:37 ----A---- C:\YServer.txt
2008-11-13 21:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 21:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-05 16:19:59 ----RD---- C:\Program Files
2008-12-05 16:19:57 ----D---- C:\WINDOWS\Prefetch
2008-12-05 14:10:17 ----D---- C:\WINDOWS\Temp
2008-12-05 13:57:11 ----A---- C:\WINDOWS\WPCMAPI.INI
2008-12-05 13:53:47 ----D---- C:\WINDOWS\system32
2008-12-05 13:50:46 ----SHD---- C:\WINDOWS\CSC
2008-12-05 13:50:02 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-12-05 13:50:00 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 13:50:00 ----ASH---- C:\WINDOWS\system32\yerofata.dll
2008-12-05 13:49:59 ----ASH---- C:\WINDOWS\system32\lodivime.dll
2008-12-05 13:49:56 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-05 13:49:24 ----A---- C:\WINDOWS\ODBC.INI
2008-12-05 12:50:30 ----D---- C:\WINDOWS\security
2008-12-05 12:50:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 12:49:30 ----ASH---- C:\WINDOWS\system32\meroyesu.dll
2008-12-05 12:49:29 ----ASH---- C:\WINDOWS\system32\jomuhuha.dll
2008-12-05 10:49:28 ----ASH---- C:\WINDOWS\system32\lodikolu.dll
2008-12-05 10:26:51 ----N---- C:\WINDOWS\system32\ketafuze.dll
2008-12-05 10:26:50 ----ASH---- C:\WINDOWS\system32\topipega.dll
2008-12-05 10:04:16 ----ASH---- C:\WINDOWS\system32\dodedeva.dll
2008-12-05 10:03:46 ----N---- C:\WINDOWS\system32\hawajifi.dll
2008-12-05 09:39:23 ----N---- C:\WINDOWS\system32\velumigi.dll
2008-12-05 09:39:23 ----ASH---- C:\WINDOWS\system32\lipegamu.dll
2008-12-04 21:23:50 ----ASH---- C:\WINDOWS\system32\yivivaso.dll
2008-12-04 21:23:50 ----ASH---- C:\WINDOWS\system32\wetidehu.dll
2008-12-04 21:23:48 ----ASH---- C:\WINDOWS\system32\kojoyapi.dll
2008-12-04 11:30:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-03 16:50:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 14:10:16 ----D---- C:\WINDOWS
2008-12-03 13:13:34 ----SHD---- C:\WINDOWS\Installer
2008-12-03 13:13:05 ----D---- C:\Program Files\Common Files
2008-12-03 09:34:08 ----ASH---- C:\WINDOWS\system32\jegulufo.dll
2008-12-02 22:01:50 ----D---- C:\Program Files\Java
2008-12-02 14:09:29 ----D---- C:\Documents and Settings\pete\Application Data\Paltalk
2008-12-02 09:29:46 ----ASH---- C:\WINDOWS\system32\tubijeki.dll
2008-12-01 15:48:02 ----D---- C:\QBTimer
2008-12-01 13:03:57 ----ASH---- C:\WINDOWS\system32\yowefise.dll
2008-12-01 13:03:54 ----N---- C:\WINDOWS\system32\yamanewa.dll
2008-12-01 08:49:43 ----HD---- C:\WINDOWS\inf
2008-12-01 08:19:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 11:33:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-30 11:07:35 ----D---- C:\Documents and Settings\pete\Application Data\Skype
2008-11-30 09:53:12 ----D---- C:\Documents and Settings\pete\Application Data\skypePM
2008-11-27 12:12:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-27 12:10:32 ----SD---- C:\Documents and Settings\pete\Application Data\Microsoft
2008-11-27 12:01:46 ----D---- C:\Program Files\NetMeeting
2008-11-26 15:49:00 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-26 15:21:44 ----D---- C:\Program Files\Common Files\LogiShrd
2008-11-26 15:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-11-26 15:17:59 ----D---- C:\Program Files\Citrix
2008-11-26 15:17:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-20 11:27:43 ----HD---- C:\Program Files\Yahoo!
2008-11-19 12:35:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-17 13:47:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-17 13:47:45 ----D---- C:\Program Files\Mozilla Firefox
2008-11-17 13:47:30 ----D---- C:\Temp
2008-11-13 21:23:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 21:23:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 21:23:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 21:22:08 ----D---- C:\WINDOWS\WinSxS
2008-11-11 15:26:37 ----D---- C:\Documents and Settings\pete\Application Data\ZoomBrowser EX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 Fortigen;Fortigen; C:\WINDOWS\system32\drivers\fortigen.sys [2007-01-29 14376]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-09-30 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-09-30 35584]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-21 21275]
R2 Fortips;Fortips; \??\C:\WINDOWS\system32\drivers\fortips.sys []
R2 FortiRdr;FortiRdr; \??\C:\WINDOWS\system32\drivers\FortiRdr.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Fortidrv2;FortiNet Fortidrv Service; C:\WINDOWS\system32\DRIVERS\fortidrv.sys [2007-02-22 22440]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ft_vnic;Fortinet network virtual adapter; C:\WINDOWS\system32\DRIVERS\ftvnic.sys [2007-02-22 14760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-29 1965872]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FA_Scheduler;Fortinet Service Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [2007-01-29 28690]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-29 187184]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2008-10-23 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-09-30 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2008-10-23 794624]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-11-28 49152]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-04-05 654848]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 06 December 2008 - 04:13 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall




Post me these logs in your next reply..


1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 08 December 2008 - 11:12 AM

When I try to run SDFix in Safe Mode, it appears that nothing happens. I get the prompt to enter 'Y" and then it says it is checking processes but nothing happens after that. I tried running it about 4 different times.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 08 December 2008 - 11:30 AM

Proceed with ComboFix step please.. If ComboFix fails to run, please rename it to KFC-Combo and run it.. Post the log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 08 December 2008 - 12:40 PM

I can't get ComboFix to run even after I renamed it. Any suggestions? Thanks for the help.

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 08 December 2008 - 02:11 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\lekegafu.dll
    C:\WINDOWS\system32\mozuvagi.dll
    C:\WINDOWS\system32\yerofata.dll
    c:\windows\system32\dodedeva.dll
    C:\WINDOWS\system32\zumidiba.dll
    c:\windows\system32\topipega.dll
    c:\windows\system32\lipegamu.dll
    c:\windows\system32\dodedeva.dll
    c:\windows\system32\lodikolu.dll
    C:\WINDOWS\system32\gesopepo.dll
    c:\windows\system32\lodivime.dll
    C:\WINDOWS\system32\ataforey.ini
    C:\WINDOWS\system32\befuhaje.dll
    C:\WINDOWS\system32\oguvubiz.ini
    C:\WINDOWS\system32\ezufatek.ini
    C:\WINDOWS\system32\ifijawah.ini
    C:\WINDOWS\system32\igimulev.ini
    C:\WINDOWS\system32\osaviviy.ini
    C:\WINDOWS\system32\usebafey.ini
    C:\WINDOWS\system32\eliyebif.ini
    C:\WINDOWS\system32\eseyanan.ini
    C:\WINDOWS\system32\awenamay.ini
    C:\WINDOWS\system32\eyuhirab.ini
    C:\WINDOWS\system32\inisipaz.ini
    C:\WINDOWS\system32\ipuweyim.ini
    C:\WINDOWS\system32\unibahoy.ini
    C:\WINDOWS\system32\yerofata.dll
    C:\WINDOWS\system32\lodivime.dll
    C:\WINDOWS\system32\meroyesu.dll
    C:\WINDOWS\system32\jomuhuha.dll
    C:\WINDOWS\system32\lodikolu.dll
    C:\WINDOWS\system32\ketafuze.dll
    C:\WINDOWS\system32\topipega.dll
    C:\WINDOWS\system32\dodedeva.dll
    C:\WINDOWS\system32\hawajifi.dll
    C:\WINDOWS\system32\velumigi.dll
    C:\WINDOWS\system32\lipegamu.dll
    C:\WINDOWS\system32\yivivaso.dll
    C:\WINDOWS\system32\wetidehu.dll
    C:\WINDOWS\system32\kojoyapi.dll
    C:\WINDOWS\system32\jegulufo.dll
    C:\WINDOWS\system32\tubijeki.dll
    C:\WINDOWS\system32\yowefise.dll
    C:\WINDOWS\system32\yamanewa.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48d2da9e-ae92-40b5-987a-6ba42516651b}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "rulikelifu"=-
    "a889ceee"=-
    "CPMabbafd72"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




Run RSIT again.. post these logs in your next reply..

1. OTMoveIt3
2. Malwarebytes'
3. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 08 December 2008 - 04:54 PM

Here are the logs. Thanks!!

OTMoveIt Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\lekegafu.dll not found.
File/Folder C:\WINDOWS\system32\mozuvagi.dll not found.
File/Folder C:\WINDOWS\system32\yerofata.dll not found.
File/Folder c:\windows\system32\dodedeva.dll not found.
File/Folder C:\WINDOWS\system32\zumidiba.dll not found.
File/Folder c:\windows\system32\topipega.dll not found.
File/Folder c:\windows\system32\lipegamu.dll not found.
File/Folder c:\windows\system32\dodedeva.dll not found.
File/Folder c:\windows\system32\lodikolu.dll not found.
File/Folder C:\WINDOWS\system32\gesopepo.dll not found.
File/Folder c:\windows\system32\lodivime.dll not found.
File/Folder C:\WINDOWS\system32\ataforey.ini not found.
File/Folder C:\WINDOWS\system32\befuhaje.dll not found.
File/Folder C:\WINDOWS\system32\oguvubiz.ini not found.
File/Folder C:\WINDOWS\system32\ezufatek.ini not found.
File/Folder C:\WINDOWS\system32\ifijawah.ini not found.
File/Folder C:\WINDOWS\system32\igimulev.ini not found.
File/Folder C:\WINDOWS\system32\osaviviy.ini not found.
File/Folder C:\WINDOWS\system32\usebafey.ini not found.
File/Folder C:\WINDOWS\system32\eliyebif.ini not found.
File/Folder C:\WINDOWS\system32\eseyanan.ini not found.
File/Folder C:\WINDOWS\system32\awenamay.ini not found.
File/Folder C:\WINDOWS\system32\eyuhirab.ini not found.
File/Folder C:\WINDOWS\system32\inisipaz.ini not found.
File/Folder C:\WINDOWS\system32\ipuweyim.ini not found.
File/Folder C:\WINDOWS\system32\unibahoy.ini not found.
File/Folder C:\WINDOWS\system32\yerofata.dll not found.
File/Folder C:\WINDOWS\system32\lodivime.dll not found.
File/Folder C:\WINDOWS\system32\meroyesu.dll not found.
File/Folder C:\WINDOWS\system32\jomuhuha.dll not found.
File/Folder C:\WINDOWS\system32\lodikolu.dll not found.
File/Folder C:\WINDOWS\system32\ketafuze.dll not found.
File/Folder C:\WINDOWS\system32\topipega.dll not found.
File/Folder C:\WINDOWS\system32\dodedeva.dll not found.
File/Folder C:\WINDOWS\system32\hawajifi.dll not found.
File/Folder C:\WINDOWS\system32\velumigi.dll not found.
File/Folder C:\WINDOWS\system32\lipegamu.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\yivivaso.dll
C:\WINDOWS\system32\yivivaso.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yivivaso.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wetidehu.dll
C:\WINDOWS\system32\wetidehu.dll NOT unregistered.
C:\WINDOWS\system32\wetidehu.dll moved successfully.
File/Folder C:\WINDOWS\system32\kojoyapi.dll not found.
File/Folder C:\WINDOWS\system32\jegulufo.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tubijeki.dll
C:\WINDOWS\system32\tubijeki.dll NOT unregistered.
C:\WINDOWS\system32\tubijeki.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yowefise.dll
C:\WINDOWS\system32\yowefise.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yowefise.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yamanewa.dll
C:\WINDOWS\system32\yamanewa.dll NOT unregistered.
C:\WINDOWS\system32\yamanewa.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48d2da9e-ae92-40b5-987a-6ba42516651b}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rulikelifu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\a889ceee deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMabbafd72 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\~DF56BA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\~DF6C39.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\~DF7DAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\~DFC03D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\pete\LOCALS~1\Temp\~DFFE04.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CTT87.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETAD76.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_410.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b50.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_142726

Files moved on Reboot...
File C:\WINDOWS\system32\yivivaso.dll not found!
File C:\WINDOWS\system32\yowefise.dll not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\pete\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\pete\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\pete\LOCALS~1\Temp\IadHide5.dll moved successfully.
C:\DOCUME~1\pete\LOCALS~1\Temp\~DF56BA.tmp moved successfully.
C:\DOCUME~1\pete\LOCALS~1\Temp\~DF6C39.tmp moved successfully.
File C:\DOCUME~1\pete\LOCALS~1\Temp\~DF7DAC.tmp not found!
C:\DOCUME~1\pete\LOCALS~1\Temp\~DFC03D.tmp moved successfully.
C:\DOCUME~1\pete\LOCALS~1\Temp\~DFFE04.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\CTT87.tmp moved successfully.
C:\WINDOWS\temp\JETAD76.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_410.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_b50.dat moved successfully.


Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 5.1.2600 Service Pack 2

2008-12-08 16:35:10
mbam-log-2008-12-08 (16-35-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185748
Time elapsed: 1 hour(s), 45 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ritinezu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\botanode.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pohojuhi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\belifuna.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jahemine.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mukayugi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48d2da9e-ae92-40b5-987a-6ba42516651b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48d2da9e-ae92-40b5-987a-6ba42516651b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{48d2da9e-ae92-40b5-987a-6ba42516651b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a889ceee (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmabbafd72 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rulikelifu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\belifuna.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\belifuna.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jahemine.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jahemine.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jahemine.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\mukayugi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\mukayugi.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ritinezu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uzenitir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\belifuna.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\botanode.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pohojuhi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jahemine.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mukayugi.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP333\A0210321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\melamiro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12082008_141435\WINDOWS\system32\jomuhuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12082008_141435\WINDOWS\system32\yerofata.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.04 (written by random/random)
Run by pete at 2008-12-08 16:53:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (36%) free of 57 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53, on 2008-12-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fortinet\FortiClient\scheduler.exe
C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fortinet\FortiClient\FortiTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Wellnomics WorkPace\workpace.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Novell\GroupWise\grpwise.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SWEEPER.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LinkPoint360\LinkPointAssist.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Glance23\Glance.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Novell\GroupWise\GWSync.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\pete\Desktop\RSIT.exe
C:\Program Files\trend micro\pete.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.quintiq.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.quintiq.nl:80
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Wellnomics WorkPace 3.3.0] "C:\Program Files\Wellnomics WorkPace\workpace.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LinkPointAssist] "C:\Program Files\LinkPoint360\LinkPointAssist.exe" /minimize
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [rulikelifu] Rundll32.exe "C:\WINDOWS\system32\botanode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rulikelifu] Rundll32.exe "C:\WINDOWS\system32\botanode.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Glance.lnk = C:\Program Files\Glance23\Glance.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209328099843
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quintiq.nl
O17 - HKLM\Software\..\Telephony: DomainName = quintiq.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quintiq.nl
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL ,
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Program Files\Fortinet\FortiClient\scheduler.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15685 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Daily scheduled scan.job
C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job
C:\WINDOWS\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2008-11-19 240696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-02 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-02 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2006-01-19 73728]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"Wellnomics WorkPace 3.3.0"=C:\Program Files\Wellnomics WorkPace\workpace.exe [2006-07-04 1200640]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-06-29 269104]
"VX1000"=C:\WINDOWS\vVX1000.exe [2006-06-29 707376]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Internet Sweeper"=C:\WINDOWS\system32\SWEEPER.EXE [2002-05-05 159744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]
"LinkPointAssist"=C:\Program Files\LinkPoint360\LinkPointAssist.exe [2008-09-04 303104]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Glance.lnk - C:\Program Files\Glance23\Glance.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Fortinet\FortiClient\ipsec.exe"="C:\Program Files\Fortinet\FortiClient\ipsec.exe:*:Enabled:FortiClient VPN Service"
"C:\Program Files\Quintiq\Bin\server.exe"="C:\Program Files\Quintiq\Bin\server.exe:*:Enabled:Quintiq Server"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Quintiq\Bin\dbodbc.exe"="C:\Program Files\Quintiq\Bin\dbodbc.exe:*:Enabled:Quintiq ODBC Integrator"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fortinet\FortiClient\FortiProxy.exe"="C:\Program Files\Fortinet\FortiClient\FortiProxy.exe:*:Enabled:FortiProxy"
"C:\Program Files\Fortinet\FortiClient\FCMgr.exe"="C:\Program Files\Fortinet\FortiClient\FCMgr.exe:*:Enabled:FortiClientManager"
"C:\Program Files\Quintiq\Bin\server.exe"="C:\Program Files\Quintiq\Bin\server.exe:*:Enabled:Quintiq Server"
"C:\Program Files\Quintiq\Bin\TCE.exe"="C:\Program Files\Quintiq\Bin\TCE.exe:*:Enabled:ThinClientEngine"
"C:\Program Files\Quintiq\Bin\dbodbc.exe"="C:\Program Files\Quintiq\Bin\dbodbc.exe:*:Enabled:Quintiq ODBC Integrator"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Fortinet\FortiClient\ipsec.exe"="C:\Program Files\Fortinet\FortiClient\ipsec.exe:*:Enabled:FortiClient VPN Service"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Disabled:LifeExp.exe"
"C:\eRouteServer\eRouteServer.exe"="C:\eRouteServer\eRouteServer.exe:*:Enabled:PTV eServerFrame"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1"
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify"
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\pete.exe"="C:\Program Files\Yahoo!\Messenger\pete.exe:*:Enabled:pete.exe"
"C:\Program Files\Quintiq4.1\Bin\QServer_32.exe"="C:\Program Files\Quintiq4.1\Bin\QServer_32.exe:*:Enabled:Quintiq Server 32-bit"
"C:\Program Files\Quintiq4.1\Bin\QDBODBC_32.exe"="C:\Program Files\Quintiq4.1\Bin\QDBODBC_32.exe:*:Enabled:Quintiq ODBC Integrator 32-bit"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:msimn"
"C:\WINDOWS\inf\unregmp2.exe"="C:\WINDOWS\inf\unregmp2.exe:*:Enabled:unregmp2"
"C:\Program Files\Windows Media Player\wmdbexport.exe"="C:\Program Files\Windows Media Player\wmdbexport.exe:*:Enabled:wmdbexport"
"C:\WINDOWS\system32\shmgrate.exe"="C:\WINDOWS\system32\shmgrate.exe:*:Enabled:shmgrate"
"C:\Program Files\Spyware Doctor\pctsAuxs.exe"="C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac65ab1-50b4-11dc-801e-0015c5427eea}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-08 14:47:47 ----D---- C:\Documents and Settings\pete\Application Data\Malwarebytes
2008-12-08 14:47:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 14:47:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 14:14:35 ----D---- C:\_OTMoveIt
2008-12-08 12:36:17 ----A---- C:\WINDOWS\system32\CF449.exe
2008-12-08 12:36:07 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-08 12:27:59 ----D---- C:\KFC-Combo
2008-12-08 12:27:57 ----A---- C:\WINDOWS\system32\CF31591.exe
2008-12-08 12:24:44 ----D---- C:\ComboFix
2008-12-08 12:24:43 ----A---- C:\WINDOWS\system32\CF30957.exe
2008-12-08 12:22:22 ----D---- C:\32788R22FWJFW
2008-12-08 11:58:18 ----A---- C:\WINDOWS\system32\CF25765.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\zip.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\VFIND.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\SWSC.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\SWREG.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\sed.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\grep.exe
2008-12-08 11:46:38 ----A---- C:\WINDOWS\fdsv.exe
2008-12-08 11:46:29 ----A---- C:\WINDOWS\system32\CF23469.exe
2008-12-08 11:43:56 ----A---- C:\WINDOWS\system32\CF22954.exe
2008-12-08 11:12:46 ----D---- C:\WINDOWS\ERDNT
2008-12-08 11:12:45 ----D---- C:\Qoobox
2008-12-08 11:12:44 ----A---- C:\WINDOWS\system32\CF16844.exe
2008-12-08 11:12:37 ----A---- C:\Bug.txt
2008-12-08 10:50:06 ----D---- C:\SDFix
2008-12-08 09:55:31 ----D---- C:\WINDOWS\ERUNT
2008-12-05 16:19:59 ----D---- C:\Program Files\trend micro
2008-12-05 16:19:52 ----D---- C:\rsit
2008-12-03 15:10:16 ----D---- C:\Documents and Settings\pete\Application Data\BallStat
2008-12-03 14:10:16 ----D---- C:\Program Files\BallStat
2008-12-03 14:10:16 ----A---- C:\WINDOWS\UnDeploy.exe
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 22:02:01 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 14:08:16 ----A---- C:\WINDOWS\PaltalkScene Uninstall Log.txt
2008-11-30 11:33:24 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-30 11:13:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-30 10:17:19 ----A---- C:\VundoFix.txt
2008-11-30 10:12:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 15:33:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-26 15:33:27 ----D---- C:\Program Files\Spyware Doctor
2008-11-26 15:33:27 ----D---- C:\Documents and Settings\pete\Application Data\PC Tools
2008-11-26 15:20:50 ----SHD---- C:\Config.Msi
2008-11-26 09:08:18 ----D---- C:\Program Files\Glance24
2008-11-20 13:40:49 ----D---- C:\Program Files\AskSearch
2008-11-20 13:40:48 ----D---- C:\Program Files\AskBarDis
2008-11-20 13:39:51 ----D---- C:\WINDOWS\PaltalkScene
2008-11-20 13:39:21 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2008-11-19 15:48:37 ----A---- C:\YServer.txt
2008-11-13 21:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 21:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-08 16:42:57 ----A---- C:\WINDOWS\WPCMAPI.INI
2008-12-08 16:41:16 ----D---- C:\WINDOWS\Temp
2008-12-08 16:38:43 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-12-08 16:38:37 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-08 16:38:13 ----A---- C:\WINDOWS\ODBC.INI
2008-12-08 16:37:32 ----D---- C:\WINDOWS\system32
2008-12-08 16:37:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 16:37:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 15:58:43 ----D---- C:\QBTimer
2008-12-08 14:47:39 ----RD---- C:\Program Files
2008-12-08 14:19:40 ----SHD---- C:\WINDOWS\CSC
2008-12-08 11:46:38 ----D---- C:\WINDOWS
2008-12-08 11:12:32 ----D---- C:\WINDOWS\Prefetch
2008-12-08 11:00:10 ----D---- C:\WINDOWS\security
2008-12-04 11:30:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-03 16:50:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 13:13:34 ----SHD---- C:\WINDOWS\Installer
2008-12-03 13:13:05 ----D---- C:\Program Files\Common Files
2008-12-02 22:01:50 ----D---- C:\Program Files\Java
2008-12-02 14:09:29 ----D---- C:\Documents and Settings\pete\Application Data\Paltalk
2008-12-01 08:49:43 ----HD---- C:\WINDOWS\inf
2008-12-01 08:19:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 11:33:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-30 11:07:35 ----D---- C:\Documents and Settings\pete\Application Data\Skype
2008-11-30 09:53:12 ----D---- C:\Documents and Settings\pete\Application Data\skypePM
2008-11-27 12:12:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-27 12:10:32 ----SD---- C:\Documents and Settings\pete\Application Data\Microsoft
2008-11-27 12:01:46 ----D---- C:\Program Files\NetMeeting
2008-11-26 15:49:00 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-26 15:21:44 ----D---- C:\Program Files\Common Files\LogiShrd
2008-11-26 15:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-11-26 15:17:59 ----D---- C:\Program Files\Citrix
2008-11-26 15:17:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-20 11:27:43 ----HD---- C:\Program Files\Yahoo!
2008-11-19 12:35:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-17 13:47:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-17 13:47:45 ----D---- C:\Program Files\Mozilla Firefox
2008-11-17 13:47:30 ----D---- C:\Temp
2008-11-13 21:23:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 21:23:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 21:23:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 21:22:08 ----D---- C:\WINDOWS\WinSxS
2008-11-11 15:26:37 ----D---- C:\Documents and Settings\pete\Application Data\ZoomBrowser EX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 Fortigen;Fortigen; C:\WINDOWS\system32\drivers\fortigen.sys [2007-01-29 14376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-09-30 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-09-30 35584]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-21 21275]
R2 Fortips;Fortips; \??\C:\WINDOWS\system32\drivers\fortips.sys []
R2 FortiRdr;FortiRdr; \??\C:\WINDOWS\system32\drivers\FortiRdr.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Fortidrv2;FortiNet Fortidrv Service; C:\WINDOWS\system32\DRIVERS\fortidrv.sys [2007-02-22 22440]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ft_vnic;Fortinet network virtual adapter; C:\WINDOWS\system32\DRIVERS\ftvnic.sys [2007-02-22 14760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-29 1965872]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FA_Scheduler;Fortinet Service Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [2007-01-29 28690]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-29 187184]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2008-10-23 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-09-30 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2008-10-23 794624]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-11-28 49152]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-04-05 654848]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 08 December 2008 - 09:48 PM

That looks nice to me.. Can you get ComboFix (or KFC-Combo) to run?.. If yes, please do so, and post the log here.. If not, please do below..

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and save it into Notepad. Attach that Notepad in this thread.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 09 December 2008 - 09:01 AM

ComboFix ran fine this time.


ComboFix 08-12-07.04 - pete 2008-12-09 8:40:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT -5:00]
Running from: c:\documents and settings\pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pete\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\holusifo.dll
c:\windows\system32\regsvr32.dll
c:\windows\system32\wefihipe.dll

----- BITS: Possible infected sites -----

hxxp://quintiq_appl.quintiq.nl
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-08 14:47 . 2008-12-08 14:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 14:47 . 2008-12-08 14:47 <DIR> d-------- c:\documents and settings\pete\Application Data\Malwarebytes
2008-12-08 14:47 . 2008-12-08 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 14:47 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 14:47 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-08 14:14 . 2008-12-08 14:14 <DIR> d-------- C:\_OTMoveIt
2008-12-08 10:50 . 2008-12-08 10:58 <DIR> d-------- C:\SDFix
2008-12-08 09:55 . 2008-12-08 09:55 <DIR> d-------- c:\windows\ERUNT
2008-12-05 16:19 . 2008-12-05 16:20 <DIR> d-------- C:\rsit
2008-12-05 16:19 . 2008-12-08 16:53 <DIR> d-------- c:\program files\trend micro
2008-12-03 15:10 . 2008-12-03 15:13 <DIR> d-------- c:\documents and settings\pete\Application Data\BallStat
2008-12-03 14:10 . 2008-12-03 14:10 <DIR> d-------- c:\program files\BallStat
2008-12-03 14:10 . 2006-06-06 03:08 67,472 --a------ c:\windows\UnDeploy.exe
2008-12-03 11:42 . 2008-12-03 11:44 <DIR> d-------- c:\documents and settings\pete\.SunDownloadManager
2008-11-30 11:33 . 2008-12-01 08:49 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-30 11:13 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-30 11:13 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-26 15:33 . 2008-12-05 04:25 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-26 15:33 . 2008-11-26 15:33 <DIR> d-------- c:\documents and settings\pete\Application Data\PC Tools
2008-11-26 15:33 . 2008-12-08 09:51 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-26 15:33 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-26 15:33 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-26 15:33 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-26 15:33 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-26 09:08 . 2008-11-26 09:08 <DIR> d-------- c:\program files\Glance24
2008-11-20 13:40 . 2008-11-20 13:40 <DIR> d-------- c:\program files\AskSearch
2008-11-20 13:40 . 2008-11-30 09:05 <DIR> d-------- c:\program files\AskBarDis
2008-11-20 13:39 . 2008-11-20 13:39 <DIR> d-------- c:\windows\PaltalkScene
2008-11-17 13:47 . 2008-11-17 13:47 <DIR> d-------- c:\temp\google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-03 03:01 --------- d-----w c:\program files\Java
2008-12-02 19:09 --------- d-----w c:\documents and settings\pete\Application Data\Paltalk
2008-11-30 16:07 --------- d-----w c:\documents and settings\pete\Application Data\Skype
2008-11-30 14:53 --------- d-----w c:\documents and settings\pete\Application Data\skypePM
2008-11-26 20:21 --------- d-----w c:\program files\Common Files\LogiShrd
2008-11-26 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-11-26 20:17 --------- d-----w c:\program files\Citrix
2008-11-26 20:17 --------- d-----w c:\documents and settings\administrator.QUINTIQDOMAIN\Application Data\Lavasoft
2008-11-20 16:27 --------- d--h--w c:\program files\Yahoo!
2008-11-19 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-11 20:26 --------- d-----w c:\documents and settings\pete\Application Data\ZoomBrowser EX
2008-11-05 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-28 18:45 --------- d-----w c:\program files\Skype
2008-10-28 18:45 --------- d-----w c:\program files\Common Files\Skype
2008-10-28 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-24 13:59 --------- d--h--w c:\program files\Google
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-05-06 12:38 39,568 ----a-w c:\documents and settings\pete\Application Data\GDIPFONTCACHEV1.DAT
2007-12-10 16:25 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-07-27 18:05 56,912 ----a-w c:\documents and settings\pete\g2mdlhlpx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 68856]
"LinkPointAssist"="c:\program files\LinkPoint360\LinkPointAssist.exe" [2008-09-04 303104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"Wellnomics WorkPace 3.3.0"="c:\program files\Wellnomics WorkPace\workpace.exe" [2006-07-04 1200640]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-29 707376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Internet Sweeper"="c:\windows\system32\SWEEPER.EXE" [2002-05-05 159744]
"nwiz"="nwiz.exe" [2006-01-19 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-08-02 245760]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-07-21 24576]
Glance.lnk - c:\program files\Glance23\Glance.exe [2008-01-15 1115424]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-01-26 278528]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-1002\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-1002\Scripts\Logon\0\1]
"Script"=logon.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-1002\Scripts\Logon\0\2]
"Script"=\\quintiq_apps\scan$\HDTCAudit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-3535\Scripts\Logon\0\0]
"Script"=logonqusa.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-3535\Scripts\Logon\1\0]
"Script"=logon.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-3535\Scripts\Logon\1\1]
"Script"=\\quintiq_apps\scan$\HDTCAudit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-3535\Scripts\Logon\2\0]
"Script"=logonmisc.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-500\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-500\Scripts\Logon\0\1]
"Script"=logon.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1702575486-368451825-1349916565-500\Scripts\Logon\0\2]
"Script"=\\quintiq_apps\scan$\HDTCAudit.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Fortinet\\FortiClient\\ipsec.exe"=
"c:\\Program Files\\Quintiq\\Bin\\server.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Quintiq\\Bin\\dbodbc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Fortigen;Fortigen;c:\windows\system32\drivers\fortigen.sys [2007-01-29 14376]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2007-02-22 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2007-02-22 35584]
R2 Fortips;Fortips;\??\c:\windows\system32\drivers\fortips.sys [2007-01-29 97192]
R2 FortiRdr;FortiRdr;\??\c:\windows\system32\drivers\FortiRdr.sys [2007-01-29 18728]
R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe" [2008-09-30 98304]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-11-28 49152]
R2 WNTHW;WNTHW;\??\c:\windows\system32\DRIVERS\WNTHW.SYS [2007-11-28 9176]
R3 Fortidrv2;FortiNet Fortidrv Service;c:\windows\system32\DRIVERS\fortidrv.sys [2007-01-29 22440]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [2007-01-29 14760]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-26 356920]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac65ab1-50b4-11dc-801e-0015c5427eea}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\Daily scheduled scan.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-09-30 07:58]

2007-04-01 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:00]

2008-11-09 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:00]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 08:45:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fortinet\FortiClient\scheduler.exe
c:\program files\Fortinet\FortiClient\FCDBLog.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\Novell\ZENworks\Asset Management\bin\cclient.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Fortinet\FortiClient\FortiTray.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-09 8:56:22 - machine was rebooted [pete]
ComboFix-quarantined-files.txt 2008-12-09 13:56:18

Pre-Run: 21,835,259,904 bytes free
Post-Run: 21,755,437,056 bytes free

235 --- E O F --- 2008-12-09 13:55:09

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 09 December 2008 - 09:53 AM

Uninstall Ask Toolbar from your computer.. Is this a home or office computer?


Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • c:\documents and settings\pete\g2mdlhlpx.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



Please run GMER as per my previous instruction.. Post these logs in your next reply..

1. Answer my question
2. VirScan.org
3. GMER..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 09 December 2008 - 10:39 AM

1. It is a computer that I own that is used for work.

2. VirSCAN.org Scanned Report :
Scanned time : 2008/11/21 09:58:34 (EST)
Scanner results: All Scanners reported not find malware!
File Name : g2mdlhlpx.exe
File Size : 56912 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ee2328e770493ee406420e02f83e266d
SHA1 : f9c85ca9b4e53ae72d6b04b064b8b8e4691fd465
Online report : http://virscan.org/report/693c153cf04261f8...1068ca7224.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.26 20081121010132 2008-11-21 3.48 -
AhnLab V3 2008.11.21.03 2008.11.21 2008-11-21 1.04 -
AntiVir 7.9.0.35 7.1.0.120 2008-11-21 1.60 -
Antiy 2.0.18 20081121.1721739 2008-11-21 0.12 -
Arcavir 1.0.5 200811161554 2008-11-16 1.41 -
Authentium 5.1.1 200811202210 2008-11-20 1.11 -
AVAST! 3.0.1 081120-0 2008-11-20 0.76 -
AVG 7.5.52.442 270.9.9/1802 2008-11-20 1.75 -
BitDefender 7.81008.2244245 7.21987 2008-11-21 2.07 -
CA (VET) 9.0.0.143 31.6.6221 2008-11-21 5.90 -
ClamAV 0.94.1 8659 2008-11-21 0.04 -
Comodo 2.11 2.0.0.712 2008-11-20 0.70 -
CP Secure 1.1.0.715 2008.11.21 2008-11-21 6.48 -
Dr.Web 4.44.0.9170 2008.11.21 2008-11-21 3.57 -
ewido 4.0.0.2 2008.11.21 2008-11-21 3.21 -
F-Prot 4.4.4.56 20081120 2008-11-20 1.11 -
F-Secure 5.51.6100 2008.11.21.05 2008-11-21 0.18 -
Fortinet 2.81-3.117 9.729 2008-11-20 0.22 -
GData 19.1612/19.115 20081121 2008-11-21 2.98 -
ViRobot 20081121 2008.11.21 2008-11-21 0.41 -
Ikarus T3.1.01.45 2008.11.21.71893 2008-11-21 3.94 -
JiangMin 11.0.706 2008.11.21 2008-11-21 1.41 -
Kaspersky 5.5.10 2008.11.21 2008-11-21 0.12 -
KingSoft 2008.9.8.18 2008.11.21.20 2008-11-21 0.73 -
McAfee 5.3.00 5440 2008-11-20 2.48 -
Microsoft 1.4104 2008.11.21 2008-11-21 4.07 -
mks_vir 2.01 2008.11.17 2008-11-17 2.80 -
Norman 5.93.01 5.93.00 2008-11-20 5.32 -
Panda 9.05.01 2008.11.21 2008-11-21 2.86 -
Trend Micro 8.700-1004 5.668.04 2008-11-21 0.05 -
Quick Heal 10.00 2008.11.21 2008-11-21 0.85 -
Rising 20.0 21.04.42.00 2008-11-21 0.95 -
Sophos 2.80.0 4.35 2008-11-21 2.20 -
Sunbelt 4474 4474 2008-11-04 0.50 -
Symantec 1.3.0.24 20081120.003 2008-11-20 0.07 -
nProtect 2008-11-21.01 2625797 2008-11-21 3.13 -
The Hacker 6.3.1.1 v00159 2008-11-19 0.48 -
VBA32 3.12.8.9 20081120.1348 2008-11-20 1.44 -
VirusBuster 4.5.11.10 10.94.1/715510 2008-11-21 1.28 -


3. GMER Results

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-09 10:39:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fortigen.sys (FortiClient Generic Driver/Fortinet Inc) ZwDeleteKey [0xF7AE3E34]
SSDT \SystemRoot\system32\drivers\fortigen.sys (FortiClient Generic Driver/Fortinet Inc) ZwDeleteValueKey [0xF7AE3E00]
SSDT \SystemRoot\system32\drivers\fortigen.sys (FortiClient Generic Driver/Fortinet Inc) ZwQuerySystemInformation [0xF7AE3BA4]
SSDT \SystemRoot\system32\drivers\fortigen.sys (FortiClient Generic Driver/Fortinet Inc) ZwSetValueKey [0xF7AE3DBE]

---- Kernel code sections - GMER 1.0.14 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 00AA0F70 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00A91B70 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!SetWindowLongW 7E41D62B 5 Bytes JMP 00AA0FA0 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!GetScrollInfo 7E420DA2 7 Bytes JMP 00A91AC0 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 00A91C40 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 00A91B00 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 00A91BB0 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 00A91B30 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 00A91BF0 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)
.text C:\Program Files\Fortinet\FortiClient\FortiTray.exe[3236] USER32.dll!EnableScrollBar 7E467DDD 7 Bytes JMP 00A91A80 C:\Program Files\Fortinet\FortiClient\FortiSkin.dll (FortiClient Skin Library/Fortinet Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\pete\Cookies\pete@nytimes[1].txt 0 bytes
File C:\Documents and Settings\pete\Cookies\pete@tacoda[2].txt 0 bytes

---- EOF - GMER 1.0.14 ----

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 09 December 2008 - 12:58 PM

Lets do an online scan.. Just to make sure we don't miss anything... Do this when you want to sleep or don't use the computer as it will take quite a while


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 10 December 2008 - 11:40 AM

ESET Log

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3679 (20081209)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=5bb585448ad7c2408d5530433a97070f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-10 03:26:28
# local_time=2008-12-09 10:26:28 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=275945
# found=0
# scan_time=5351


The computer seems to be running great. Thanks you so much for all of your help !!!

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 10 December 2008 - 10:16 PM

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

    Posted Image


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 PetePA8820

PetePA8820
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 December 2008 - 08:44 AM

Computer is running great !! Thanks again for all of your help, it is greatly appreciated.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users