Infected with VUNDO


  • This topic is locked
12 replies to this topic

#1 saroshj


Posted 09 December 2008 - 11:54 AM

Hello Gurus,

My laptop has been infected with the Vundo malware/spyware. This causes windows to randomly pop up with ads. Also this has degraded my laptop performance considerably. I've tried multiple tools to clean up this trojan, but it keeps coming back every time I restart. I have used Malwarebytes' Anti-Malware, VundoFix.exe, SmitfraudFix.exe, McAfee, etc... but to no avail. I have run all of these tools in safe mode and normal mode too... but it just does not clean up my system.

I've pasted the contents of the 2 files generated by RSIT.exe (info.txt & log.txt) and also the scan log from the Kaspersky Online scanner.

PLEASE HELP!!!!!!!


*-------------------------BEGIN Kaspersky Online Scanner Log---------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 23:14:01
Records in database: 1444848


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\SJB\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 51433
Threat name 2
Infected objects 5
Suspicious objects 0
Duration of the scan 01:00:20

File name Threat name Threats count
C:\Program Files\dafejepa\dafejepa.dll Infected: Trojan.Win32.Monder.aavx 1

C:\Program Files\jutimono\jutimono.dll Infected: Trojan.Win32.Monder.aaua 1

C:\Program Files\pahogaho\pahogaho.dll Infected: Trojan.Win32.Monder.aavx 1

C:\Program Files\rihesiva\rihesiva.dll Infected: Trojan.Win32.Monder.aavx 1

C:\Program Files\yuvodufu\yuvodufu.dll Infected: Trojan.Win32.Monder.aavx 1

The selected area was scanned.
*-------------------------END Kaspersky Online Scanner Log---------------------------------------


*-------------------------BEGIN RSIT Info.txt Log---------------------------------------

info.txt logfile of random's system information tool 1.04 2008-12-09 10:40:00

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CamGrab-2Plus-->MsiExec.exe /I{53228C86-9CB1-4F04-B964-6E9329372A94}
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Cobra VPN 2.2.2.10-->"C:\WINDOWS\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EMBASSY Security Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
ETS Launch Pad-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3}
GanttProject-->"C:\Program Files\GanttProject\uninstall.exe"
Go Boingo!-->MsiExec.exe /X{0380E703-A97C-4B2B-92CE-B9062A5240E6}
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
GuiXT-->"C:\Program Files\SAP\FrontEnd\SAPgui\SETUP.1\setup.exe" /u
GuiXT-->"C:\Program Files\SAP\FrontEnd\SAPgui\SETUP\setup.exe" /u
GuiXTDesigner-->MsiExec.exe /I{3AA632E5-5AFB-447F-88E2-509ED30554A3}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Lexmark 5200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lotus Notes 7.0.3-->MsiExec.exe /I{BE2E59E9-DB64-4E8C-938B-3A49A8B4B757}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
MetaFrame Presentation Server Client-->MsiExec.exe /I{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft redistributable runtime DLLs VS2005 SP1(x86)-->MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft redistributable runtime DLLs VS2005(x86)-->MsiExec.exe /I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Netbooster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\setup.exe" -l0x9 -vuninstall -removeonly
NetDrive-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NTRU Hybrid TSS v2.0.7-->MsiExec.exe /I{D1183FA8-AA29-4C82-B998-9593D7AF42FE}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preboot Manager-->MsiExec.exe /I{AE765884-4770-4A92-82D9-AB3192512B31}
Private Information Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAP Business Explorer-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPBI" /uninstall
SAP Download Manager-->"C:\Program Files\SAP Download Manager\UninstallerData\Uninstall DLManager.exe"
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall
SAP NetWeaver Business Client-->"C:\Program Files\SAP\SAPsetup\setup\nwsapsetup.exe" /product:"NWBC" /uninstall
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Secure Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Wizards-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SonicWALL SSL-VPN NetExtender-->C:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Wave Infrastructure Installer-->MsiExec.exe /I{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}
Wave Support Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6CDAED1C-5B60-4818-88A7-E4A90CD367AF} /l1033
WebEx Recorder and Player-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xcelsius 2008-->MsiExec.exe /I{A88A583F-C329-4D7B-AEC4-FF391AA83797}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZTE CDMA1X MODEM-->"C:\Program Files\ZTE CDMA1X MODEM\unins000.exe"

======Hosts File======

127.0.0.1 localhost loopback
172.31.64.80 CIN00 # Cincinnati Notes server/Internal IP Address
172.31.64.80 SVCMAIL # Short address for svcmail.svc-ag.com, used internally
172.31.64.80 INFOCENTRAL # Short address for InfoCentral.itelligencegroup.com, used internally
66.148.150.232 ITELL00 # US SAP Systems/External IP Address
172.31.64.58 itell01 # itell01 SAP Server
172.31.64.74 itell19.itelligencegroup.com
172.31.64.54 confbr.itelligencegroup.com
66.148.150.237 occsrv.svc-ag.com #occsrv Outsourcing Server
204.79.199.2 sapserv4 # SAPSERV4 OSS/CSU SAP Systems

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

*-------------------------END RSIT Info.txt Log------------------------------------------


*-------------------------BEGIN RSIT log.txt contents-----------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by SJB at 2008-12-09 10:39:43
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 2038 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:54 AM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\wex4962\EMCliSrv.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Network Associates\VirusScan\entvutil.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\NCDaemon.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\SAP\FrontEnd\sapgui\saplogon.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wex4962\emmeter.exe
C:\Documents and Settings\SJB\Desktop\RSIT.exe
C:\Program Files\trend micro\SJB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 172.31.64.80 CIN00 # Cincinnati Notes server/Internal IP Address
O1 - Hosts: 172.31.64.80 SVCMAIL # Short address for svcmail.svc-ag.com, used internally
O1 - Hosts: 172.31.64.80 INFOCENTRAL # Short address for InfoCentral.itelligencegroup.com, used internally
O1 - Hosts: 66.148.150.232 ITELL00 # US SAP Systems/External IP Address
O1 - Hosts: 172.31.64.58 itell01 # itell01 SAP Server
O1 - Hosts: 172.31.64.74 itell19.itelligencegroup.com
O1 - Hosts: 172.31.64.54 confbr.itelligencegroup.com
O1 - Hosts: 66.148.150.237 occsrv.svc-ag.com #occsrv Outsourcing Server
O1 - Hosts: 204.79.199.2 sapserv4 # SAPSERV4 OSS/CSU SAP Systems
O1 - Hosts: 204.79.199.2 sapserv4.sfo.sap-ag.de
O1 - Hosts: 147.204.2.15 sapserv1a.wdf.sap-ag.de
O1 - Hosts: 147.204.2.16 sapserv2a.wdf.sap-ag.de
O1 - Hosts: 66.148.150.243 svpusnt8
O1 - Hosts: 194.76.45.2 cisco # CISCO 4000 Router
O1 - Hosts: 194.76.45.4 consult
O1 - Hosts: 194.76.45.211 florida # SUN Ultraserver
O1 - Hosts: 194.76.45.212 texas # HP-NT-Server
O1 - Hosts: 194.76.45.213 sylt # HP D210
O1 - Hosts: 194.76.45.80 IM001 # Notes-Server Bielefeld
O1 - Hosts: 194.76.45.81 Bi00 # Main Notes-Server Bielefeld
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {188a3d40-c1b0-417c-8ebf-bc60f9f46542} - C:\Program Files\hajefora\hajefora.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [kejugolobo] Rundll32.exe "C:\Program Files\bivewede\bivewede.dll",s
O4 - HKLM\..\Run: [c440488d] rundll32.exe "C:\Program Files\yiyufepa\yiyufepa.dll",b
O4 - HKLM\..\Run: [CPMc7737b11] Rundll32.exe "C:\Program Files\heparira\heparira.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-20\..\Run: [EFI Job Monitor] C:\WINDOWS\TEMP\JobMonitor\JobMonitor.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2594A0F4-5D0A-4C84-8458-1620575F82A2} (SynUpdate Class) - http://updates.guixt.com/latest/Deployer.ocx
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://access.varelintl.com/NELX.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligencegroupusa.webex.com/clien...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{826F7032-3B4B-4EED-AEE1-F46392744DF9}: Domain = porkyproducts.loc
O17 - HKLM\System\CCS\Services\Tcpip\..\{826F7032-3B4B-4EED-AEE1-F46392744DF9}: NameServer = 10.30.57.30 10.30.57.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wxvault.dll c:\windows\system32\hugeloko.dll C:\Program Files\wibiragu\wibiragu.dll c:\PROGRA~1\heparira\heparira.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\PROGRA~1\heparira\heparira.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\PROGRA~1\heparira\heparira.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: EMCliSrv - Express Metrix - C:\WINDOWS\system32\wex4962\EMCliSrv.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hosts Copy (HostCopy) - Unknown owner - c:\windows\system32\HostCopyXPsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14357 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{188a3d40-c1b0-417c-8ebf-bc60f9f46542}]
C:\Program Files\hajefora\hajefora.dll [2008-09-08 64766]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CD20F0-7C09-11D5-A768-0050042307CE}]
Plugin Class - C:\PlayerIE\playerIE.dll [2005-10-24 144912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-17 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2007-04-25 558776]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"kejugolobo"=C:\Program Files\bivewede\bivewede.dll [2008-09-08 64766]
"c440488d"=C:\Program Files\yiyufepa\yiyufepa.dll [2008-12-09 88213]
"CPMc7737b11"=C:\Program Files\heparira\heparira.dll [2008-12-09 93864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
""= []
"QNPlus"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wxvault.dll c:\windows\system32\hugeloko.dll C:\Program Files\wibiragu\wibiragu.dll c:\PROGRA~1\heparira\heparira.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\PROGRA~1\heparira\heparira.dll [2008-12-09 93864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\PROGRA~1\heparira\heparira.dll [2008-12-09 93864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"=C:\WINDOWS\system32\wex4962\EMMeterHook760.dll [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
"notification packages"=scecli
C:\Program Files\wibiragu\wibiragu.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bollywood.tv\Bollywood.tv Download Manager\DownloadManager.exe"="C:\Program Files\Bollywood.tv\Bollywood.tv Download Manager\DownloadManager.exe:*:Disabled:Bollywood.tv Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Disabled:lsass"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Disabled:winlogon"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Explorer"
"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"="C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe:*:Enabled:LVComSer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-09 10:31:45 ----D---- C:\Program Files\yiyufepa
2008-12-09 10:31:45 ----D---- C:\Program Files\heparira
2008-12-09 10:31:35 ----D---- C:\Program Files\trend micro
2008-12-09 10:31:33 ----D---- C:\rsit
2008-12-08 15:17:47 ----D---- C:\Program Files\tayoyeza
2008-12-08 15:17:47 ----D---- C:\Program Files\haheboye
2008-12-08 14:17:53 ----D---- C:\Program Files\wibiragu
2008-12-08 14:17:53 ----D---- C:\Program Files\hajefora
2008-12-08 14:17:53 ----D---- C:\Program Files\bivewede
2008-12-08 14:17:41 ----D---- C:\Program Files\yokuwalu
2008-12-08 14:17:39 ----D---- C:\Program Files\vitifise
2008-12-08 14:17:39 ----D---- C:\Program Files\pewizasi
2008-12-07 12:12:30 ----D---- C:\Program Files\nokemafu
2008-12-07 12:12:30 ----D---- C:\Program Files\kigebele
2008-12-06 22:37:03 ----D---- C:\Program Files\fuzedanu
2008-12-06 22:37:03 ----D---- C:\Program Files\duweweba
2008-12-06 13:26:38 ----D---- C:\VundoFix Backups
2008-12-06 13:26:38 ----A---- C:\VundoFix.txt
2008-12-06 13:20:39 ----A---- C:\VundoFix.exe
2008-12-06 10:36:45 ----D---- C:\Program Files\vadihihe
2008-12-06 10:36:45 ----D---- C:\Program Files\kuhumepe
2008-12-05 23:24:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-05 23:24:27 ----A---- C:\rapport.txt
2008-12-05 23:23:12 ----D---- C:\SmitfraudFix
2008-12-05 23:15:08 ----A---- C:\SmitfraudFix.exe
2008-12-05 21:34:24 ----D---- C:\Program Files\simafubu
2008-12-05 21:34:24 ----D---- C:\Program Files\motawoma
2008-12-05 21:34:24 ----D---- C:\Program Files\fuvatozi
2008-12-05 21:34:17 ----D---- C:\Program Files\sekapehu
2008-12-05 21:34:16 ----D---- C:\Program Files\legehopo
2008-12-05 21:34:16 ----D---- C:\Program Files\fabuyoju
2008-12-05 09:34:04 ----D---- C:\Program Files\sokofosu
2008-12-05 09:34:04 ----D---- C:\Program Files\kutakobi
2008-12-05 09:29:52 ----A---- C:\mbam-log-2008-12-05 (10-29-44).txt
2008-12-04 20:18:25 ----D---- C:\Program Files\yasulihi
2008-12-04 20:18:25 ----D---- C:\Program Files\kubuwiwu
2008-12-04 08:18:20 ----D---- C:\Program Files\fofiluhi
2008-12-04 08:18:18 ----D---- C:\Program Files\futofeja
2008-12-04 08:18:18 ----D---- C:\Program Files\fazarago
2008-12-04 08:18:07 ----D---- C:\Program Files\lawopuni
2008-12-04 08:18:06 ----D---- C:\Program Files\tububiya
2008-12-04 08:18:06 ----D---- C:\Program Files\potudepa
2008-12-03 10:32:42 ----D---- C:\Program Files\pifiyoso
2008-12-03 10:32:42 ----D---- C:\Program Files\devaheye
2008-12-02 22:32:34 ----D---- C:\Program Files\tokurepa
2008-12-02 22:32:34 ----D---- C:\Program Files\jutimono
2008-12-02 09:17:47 ----D---- C:\Program Files\wonudaya
2008-12-02 09:17:47 ----D---- C:\Program Files\bugohude
2008-12-02 02:35:36 ----D---- C:\Program Files\yotadapi
2008-12-02 02:35:36 ----D---- C:\Program Files\latodowo
2008-12-02 02:35:36 ----D---- C:\Program Files\kiriwosa
2008-12-02 02:35:26 ----D---- C:\Program Files\tuhekejo
2008-12-02 02:35:26 ----D---- C:\Program Files\fusiboyi
2008-12-02 02:35:26 ----D---- C:\Program Files\bisuyilu
2008-12-01 11:51:38 ----D---- C:\Program Files\rugafivo
2008-12-01 11:51:38 ----D---- C:\Program Files\biperime
2008-11-30 12:49:45 ----D---- C:\Program Files\yuvodufu
2008-11-30 12:49:45 ----D---- C:\Program Files\wujiwibe
2008-11-29 13:22:05 ----D---- C:\Program Files\rihesiva
2008-11-29 13:22:05 ----D---- C:\Program Files\munijuri
2008-11-28 22:21:12 ----D---- C:\Program Files\pahogaho
2008-11-28 22:21:12 ----D---- C:\Program Files\kafuzelo
2008-11-28 10:21:50 ----D---- C:\Program Files\polupevu
2008-11-28 10:21:50 ----D---- C:\Program Files\dafejepa
2008-11-27 13:19:34 ----A---- C:\WINDOWS\wininit.ini
2008-11-27 13:19:28 ----D---- C:\Program Files\vapobawu
2008-11-27 13:19:28 ----D---- C:\Program Files\kurapene
2008-11-26 22:53:20 ----D---- C:\Program Files\videpabe
2008-11-26 22:53:20 ----D---- C:\Program Files\tidawuji
2008-11-26 10:53:02 ----D---- C:\Program Files\tahejoga
2008-11-26 10:53:02 ----D---- C:\Program Files\doyijaru
2008-11-25 11:45:00 ----D---- C:\Program Files\punidoko
2008-11-24 23:44:40 ----D---- C:\Program Files\wadoreme
2008-11-24 23:44:40 ----D---- C:\Program Files\rilukumi
2008-11-24 11:44:26 ----D---- C:\Program Files\pihumifa
2008-11-24 11:44:26 ----D---- C:\Program Files\kuzezeve
2008-11-23 23:43:56 ----D---- C:\Program Files\zoyehazo
2008-11-23 23:43:56 ----D---- C:\Program Files\dubodipi
2008-11-23 11:43:36 ----D---- C:\Program Files\sanevuki
2008-11-23 11:43:36 ----D---- C:\Program Files\higubowo
2008-11-22 19:15:50 ----D---- C:\Program Files\juvamonu
2008-11-22 19:15:50 ----D---- C:\Program Files\biheseya
2008-11-22 07:15:38 ----SH---- C:\WINDOWS\system32\rokonuge.exe
2008-11-21 11:14:14 ----SH---- C:\WINDOWS\system32\akasatur.ini
2008-11-21 10:50:23 ----A---- C:\PRD Create STD Price 11-21-2008.txt
2008-11-20 23:14:08 ----SH---- C:\WINDOWS\system32\asilojuy.ini
2008-11-20 11:13:52 ----SH---- C:\WINDOWS\system32\eniveser.ini
2008-11-18 17:13:01 ----A---- C:\QAS Create Standard Price.txt
2008-11-17 21:33:26 ----SH---- C:\WINDOWS\system32\rayeboke.exe
2008-11-17 16:47:48 ----D---- C:\Documents and Settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 13:27:05 ----SH---- C:\WINDOWS\system32\sumavabu.exe
2008-11-16 11:08:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-16 10:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-16 10:58:24 ----D---- C:\Documents and Settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-14 10:03:34 ----A---- C:\Standard Price QAS.txt
2008-11-12 23:55:56 ----A---- C:\Copy of Standard Price.txt
2008-11-12 12:57:47 ----A---- C:\Standard Price_old.txt

======List of files/folders modified in the last 1 months======

2008-12-09 10:31:53 ----D---- C:\WINDOWS\Prefetch
2008-12-09 10:31:45 ----RD---- C:\Program Files
2008-12-09 09:31:47 ----D---- C:\WINDOWS\Temp
2008-12-08 22:48:34 ----D---- C:\WINDOWS\system32
2008-12-08 22:43:24 ----A---- C:\WINDOWS\system32\EMCliSrv.bak
2008-12-08 18:37:52 ----D---- C:\WINDOWS
2008-12-08 16:28:07 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-08 15:20:19 ----SHD---- C:\WINDOWS\Installer
2008-12-08 15:20:18 ----HD---- C:\Config.Msi
2008-12-07 20:31:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 14:50:20 ----D---- C:\Program Files\CamGrab-2Plus
2008-12-07 11:13:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 21:03:57 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-06 14:18:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 14:14:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 13:20:26 ----D---- C:\Documents and Settings\SJB\Application Data\HPAppData
2008-12-06 09:36:27 ----D---- C:\WINDOWS\system32\wex4962
2008-12-05 23:24:51 ----D---- C:\Program Files\Google
2008-12-05 23:08:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 19:59:23 ----AC---- C:\WINDOWS\sapgrph.ini
2008-12-02 17:34:37 ----SHD---- C:\WINDOWS\CSC
2008-12-01 11:33:17 ----D---- C:\Sarosh_general
2008-11-29 18:18:21 ----D---- C:\Sarosh_visiting visa
2008-11-28 16:21:26 ----D---- C:\quarantine
2008-11-25 19:37:07 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-23 00:49:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-23 00:49:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 00:49:09 ----D---- C:\Program Files\Adobe
2008-11-21 20:27:03 ----SHD---- C:\RECYCLER
2008-11-17 16:54:25 ----D---- C:\Documents and Settings
2008-11-17 12:04:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 08:56:09 ----D---- C:\Sarosh_misc
2008-11-17 08:45:53 ----D---- C:\Temp
2008-11-17 08:35:58 ----HD---- C:\WINDOWS\inf
2008-11-16 13:56:34 ----D---- C:\Program Files\Common Files
2008-11-15 17:09:30 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 16:53:07 ----A---- C:\WINDOWS\Setup Wizard.INI
2008-11-13 16:18:34 ----A---- C:\WINDOWS\Saplogon.ini
2008-11-11 23:46:57 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 pppop;PPPoP WAN Adapter; C:\WINDOWS\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-03-20 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem; C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys [2004-07-05 14336]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-06 20096]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-08-07 100480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392]
R2 EMCliSrv;EMCliSrv; C:\WINDOWS\system32\wex4962\EMCliSrv.exe [2006-06-06 245760]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon; C:\WINDOWS\system32\FortiSslvpnDaemon.exe [2007-06-06 501280]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2006-06-08 29184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2007-09-27 53248]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2007-04-25 276152]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 HostCopy;Hosts Copy; c:\windows\system32\HostCopyXPsrv.exe [2006-06-06 120845]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


*-------------------------END RSIT log.txt contents--------------------------------------
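As an added example (not part of any post in this thread), the following Python script applies the indicators that are visible in the RSIT and ComboFix logs to raw log lines: eight-letter names that strictly alternate vowel and consonant under Program Files and system32 (hajefora, vakafeda, sumavabu, akasatur), hidden+system .exe files in system32, and an AutoRun.inf sitting inside system32. The naming rule is a heuristic read off this thread's entries, not a documented property of Vundo, and the embedded sample lines are copied from the logs on this page with two clean entries (the Google directory and the Malwarebytes driver) kept as controls.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

VOWELS = set("aeiou")
# Last drive-letter path on the line, minus the trailing "[date size]" RSIT appends.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\r\n]*?)\s*(?:\[.*\])?\s*$")
# Attribute column as printed by RSIT ("----SH----") or ComboFix ("---hs----", "d--------").
ATTR_RE = re.compile(r"(?:^|\s)([-dDaAcCsShHrRw]{8,12})\s+(?=[A-Za-z]:\\)")


def looks_generated(token: str) -> bool:
    """Heuristic taken from the names in the logs above (hajefora, sumavabu, akasatur):
    exactly 8 lowercase letters that strictly alternate vowel/consonant.
    Assumption: no legitimate software on this machine is named that way."""
    if len(token) != 8 or not token.isalpha() or not token.islower():
        return False
    classes = [ch in VOWELS for ch in token]
    return all(a != b for a, b in zip(classes, classes[1:]))


def parse(line: str) -> Optional[Tuple[str, str]]:
    """Pull (path, lowercase attribute flags) out of one log line, or None."""
    m = PATH_RE.search(line)
    if not m:
        return None
    a = ATTR_RE.search(line)
    return m.group(1).strip(), (a.group(1).lower() if a else "")


def classify(line: str) -> List[str]:
    """Return the indicator names that fire for one line (empty list = nothing)."""
    parsed = parse(line)
    if parsed is None:
        return []
    path, attrs = parsed
    low = path.lower()
    parts = low.split("\\")
    name = parts[-1]
    stem, ext = name.rsplit(".", 1) if "." in name else (name, "")
    under_pf = low.startswith("c:\\program files\\")
    under_s32 = low.startswith("c:\\windows\\system32\\")

    findings: List[str] = []
    if under_pf and looks_generated(parts[2]):
        findings.append("generated-name directory under Program Files")
    if (under_pf or under_s32) and ext in ("exe", "dll", "ini") and looks_generated(stem):
        findings.append("generated-name file")
    if under_s32 and ext == "exe" and "h" in attrs and "s" in attrs:
        findings.append("hidden+system .exe in system32")
    if under_s32 and name == "autorun.inf":
        findings.append("autorun.inf inside system32")
    return findings


def scan(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its indicators, in log order."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        found = classify(line)
        if found:
            hits[parse(line)[0]] = found  # parse() succeeded, classify() was non-empty
    return hits


# Constructed sample: lines copied from the RSIT and ComboFix logs in this thread,
# plus two clean entries (Google, the Malwarebytes driver) as negative controls.
SAMPLE_LOG = r"""
2008-11-16 13:27:05 ----SH---- C:\WINDOWS\system32\sumavabu.exe
2008-12-05 23:24:51 ----D---- C:\Program Files\Google
c:\program files\hajefora\hajefora.dll
c:\windows\system32\akasatur.ini
c:\windows\system32\AutoRun.inf
2008-12-10 09:34 . 2008-12-10 09:35 <DIR> d-------- c:\program files\vakafeda
2008-12-09 10:31 . 2008-12-09 10:39 <DIR> d-------- c:\program files\trend micro
2008-11-22 07:15 . 2008-11-22 07:15 2,098 ---hs---- c:\windows\system32\rokonuge.exe
2008-11-17 16:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in scan(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```

Feed it the whole RSIT or ComboFix log (`scan(open("log.txt").read().splitlines())`) and it reports only the entries worth a second look; the alternating-letter rule deliberately ignores digits, mixed case and punctuation so directories such as `wex4962` or `Malwarebytes' Anti-Malware` never fire.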



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 10 December 2008 - 03:04 AM

Wow.. This computer is extremely heavily infected.. Ok, let's see if we can save this one :thumbsup: Let's do this..



Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall


Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis (after ComboFix step)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 saroshj

saroshj
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 10 December 2008 - 10:52 AM

Hello fenzodahl512,


Thank you for the speedy reply.

I tried the first step of downloading SDFix.exe and McAfee on my system prompted me that this file is infected with a trojan ("generic.dx").

I have attached a screenshot of the message I get. McAfee finally denies permission to download the file.

I did not disable the antivirus before downloading SDFix.exe, because that step was in your "NEXT" section.

Please advise.


Thanks in advance,




#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 10 December 2008 - 10:05 PM

Ok.. proceed with ComboFix step please.. And post the log here..



#6 saroshj

saroshj
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 11 December 2008 - 01:19 AM

Hello fenzodahl512,


I managed to download a working copy of SDFix. So I've attached 3 log files per your advice: 1) SDFix log file, 2) ComboFix log file and 3) HijackThis log file.

Please let me know if you need more information.

Thank you for all your help.


*-------------------------BEGIN SDFix Log---------------------------------------

SDFix: Version 1.240
Run by SJB on Wed 12/10/2008 at 23:09

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

*-------------------------END SDFix Log------------------------------------------



*-------------------------BEGIN ComboFix Log-----------------------------------

ComboFix 08-12-09.03 - SJB 2008-12-10 23:44:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1136 [GMT -6:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\hajefora\hajefora.dll
c:\windows\system32\akasatur.ini
c:\windows\system32\asilojuy.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\eniveser.ini
c:\windows\system32\tmp.reg
c:\windows\system32\zteitpcmcia.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-10 23:32 . <DIR> c:\windows\LastGood.Tmp
2008-12-10 23:32 . 2008-10-16 14:09 92,696 --a------ c:\windows\system32\cdm.dll.wusetup.292718.new
2008-12-10 23:04 . 2008-12-10 23:04 <DIR> d-------- c:\windows\ERUNT
2008-12-10 23:03 . 2008-12-10 23:03 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\DivX
2008-12-10 22:58 . 2008-12-10 23:38 <DIR> d-------- C:\SDFix
2008-12-10 22:20 . 2008-12-10 22:20 1,882,786 --a------ C:\SDFix.zip
2008-12-10 09:34 . 2008-12-10 09:35 <DIR> d-------- c:\program files\vakafeda
2008-12-10 09:34 . 2008-12-10 09:34 <DIR> d-------- c:\program files\mabazidu
2008-12-09 10:31 . 2008-12-09 10:40 <DIR> d-------- C:\rsit
2008-12-09 10:31 . 2008-12-09 10:32 <DIR> d-------- c:\program files\yiyufepa
2008-12-09 10:31 . 2008-12-09 10:39 <DIR> d-------- c:\program files\trend micro
2008-12-09 10:31 . 2008-12-09 10:31 <DIR> d-------- c:\program files\heparira
2008-12-08 15:17 . 2008-12-08 15:17 <DIR> d-------- c:\program files\tayoyeza
2008-12-08 15:17 . 2008-12-08 19:20 <DIR> d-------- c:\program files\haheboye
2008-12-08 14:17 . 2008-12-08 14:17 <DIR> d-------- c:\program files\yokuwalu
2008-12-08 14:17 . 2008-12-08 14:17 <DIR> d-------- c:\program files\wibiragu
2008-12-08 14:17 . 2008-12-08 14:17 <DIR> d-------- c:\program files\vitifise
2008-12-08 14:17 . 2008-12-08 14:18 <DIR> d-------- c:\program files\pewizasi
2008-12-08 14:17 . 2008-12-10 23:45 <DIR> d-------- c:\program files\hajefora
2008-12-08 14:17 . 2008-12-08 14:17 <DIR> d-------- c:\program files\bivewede
2008-12-07 12:12 . 2008-12-07 12:12 <DIR> d-------- c:\program files\nokemafu
2008-12-07 12:12 . 2008-12-07 12:12 <DIR> d-------- c:\program files\kigebele
2008-12-06 22:37 . 2008-12-06 22:37 <DIR> d-------- c:\program files\fuzedanu
2008-12-06 22:37 . 2008-12-06 22:37 <DIR> d-------- c:\program files\duweweba
2008-12-06 13:26 . 2008-12-06 13:26 <DIR> d-------- C:\VundoFix Backups
2008-12-06 13:20 . 2008-12-06 13:20 119,808 --a------ C:\VundoFix.exe
2008-12-06 10:36 . 2008-12-06 17:20 <DIR> d-------- c:\program files\vadihihe
2008-12-06 10:36 . 2008-12-06 10:36 <DIR> d-------- c:\program files\kuhumepe
2008-12-05 23:23 . 2008-12-06 13:57 <DIR> d-------- C:\SmitfraudFix
2008-12-05 23:15 . 2008-12-05 23:15 1,582,800 --a------ C:\SmitfraudFix.exe
2008-12-05 21:34 . 2008-12-08 14:17 <DIR> d-------- c:\program files\simafubu
2008-12-05 21:34 . 2008-12-05 21:34 <DIR> d-------- c:\program files\sekapehu
2008-12-05 21:34 . 2008-12-05 23:51 <DIR> d-------- c:\program files\motawoma
2008-12-05 21:34 . 2008-12-05 21:34 <DIR> d-------- c:\program files\legehopo
2008-12-05 21:34 . 2008-12-08 14:17 <DIR> d-------- c:\program files\fuvatozi
2008-12-05 21:34 . 2008-12-05 23:51 <DIR> d-------- c:\program files\fabuyoju
2008-12-05 09:34 . 2008-12-05 22:05 <DIR> d-------- c:\program files\sokofosu
2008-12-05 09:34 . 2008-12-05 09:34 <DIR> d-------- c:\program files\kutakobi
2008-12-04 20:18 . 2008-12-05 09:30 <DIR> d-------- c:\program files\yasulihi
2008-12-04 20:18 . 2008-12-06 17:20 <DIR> d-------- c:\program files\kubuwiwu
2008-12-04 08:18 . 2008-12-06 17:20 <DIR> d-------- c:\program files\tububiya
2008-12-04 08:18 . 2008-12-04 08:18 <DIR> d-------- c:\program files\potudepa
2008-12-04 08:18 . 2008-12-04 08:18 <DIR> d-------- c:\program files\lawopuni
2008-12-04 08:18 . 2008-12-05 22:05 <DIR> d-------- c:\program files\futofeja
2008-12-04 08:18 . 2008-12-05 22:05 <DIR> d-------- c:\program files\fofiluhi
2008-12-04 08:18 . 2008-12-05 09:30 <DIR> d-------- c:\program files\fazarago
2008-12-03 10:32 . 2008-12-06 17:20 <DIR> d-------- c:\program files\pifiyoso
2008-12-03 10:32 . 2008-12-03 10:32 <DIR> d-------- c:\program files\devaheye
2008-12-02 22:32 . 2008-12-06 17:20 <DIR> d-------- c:\program files\tokurepa
2008-12-02 22:32 . 2008-12-02 22:32 <DIR> d-------- c:\program files\jutimono
2008-12-02 09:17 . 2008-12-02 17:34 <DIR> d-------- c:\program files\wonudaya
2008-12-02 09:17 . 2008-12-06 17:20 <DIR> d-------- c:\program files\bugohude
2008-12-02 02:35 . 2008-12-04 08:18 <DIR> d-------- c:\program files\yotadapi
2008-12-02 02:35 . 2008-12-02 02:35 <DIR> d-------- c:\program files\tuhekejo
2008-12-02 02:35 . 2008-12-02 17:32 <DIR> d-------- c:\program files\latodowo
2008-12-02 02:35 . 2008-12-04 08:18 <DIR> d-------- c:\program files\kiriwosa
2008-12-02 02:35 . 2008-12-02 02:35 <DIR> d-------- c:\program files\fusiboyi
2008-12-02 02:35 . 2008-12-06 17:20 <DIR> d-------- c:\program files\bisuyilu
2008-12-01 11:51 . 2008-12-01 11:52 <DIR> d-------- c:\program files\rugafivo
2008-12-01 11:51 . 2008-12-01 11:51 <DIR> d-------- c:\program files\biperime
2008-11-30 12:49 . 2008-11-30 12:49 <DIR> d-------- c:\program files\yuvodufu
2008-11-30 12:49 . 2008-12-06 17:20 <DIR> d-------- c:\program files\wujiwibe
2008-11-29 13:22 . 2008-11-29 13:22 <DIR> d-------- c:\program files\rihesiva
2008-11-29 13:22 . 2008-12-06 17:20 <DIR> d-------- c:\program files\munijuri
2008-11-28 22:21 . 2008-11-28 22:21 <DIR> d-------- c:\program files\pahogaho
2008-11-28 22:21 . 2008-11-29 12:24 <DIR> d-------- c:\program files\kafuzelo
2008-11-28 10:21 . 2008-12-06 17:20 <DIR> d-------- c:\program files\polupevu
2008-11-28 10:21 . 2008-11-28 10:21 <DIR> d-------- c:\program files\dafejepa
2008-11-27 13:19 . 2008-11-28 23:41 <DIR> d-------- c:\program files\vapobawu
2008-11-27 13:19 . 2008-12-06 17:20 <DIR> d-------- c:\program files\kurapene
2008-11-27 13:19 . 2008-11-27 13:19 54 --a------ c:\windows\wininit.ini
2008-11-26 22:53 . 2008-12-06 17:20 <DIR> d-------- c:\program files\videpabe
2008-11-26 22:53 . 2008-12-06 17:20 <DIR> d-------- c:\program files\tidawuji
2008-11-26 10:53 . 2008-11-28 23:41 <DIR> d-------- c:\program files\tahejoga
2008-11-26 10:53 . 2008-12-06 17:20 <DIR> d-------- c:\program files\doyijaru
2008-11-25 19:30 . 2008-11-25 19:30 0 --a------ c:\windows\system32\ź;ź;
2008-11-25 11:45 . 2008-11-29 01:41 <DIR> d-------- c:\program files\punidoko
2008-11-25 11:12 . 2008-11-25 11:12 244 --ah----- C:\sqmnoopt02.sqm
2008-11-25 11:12 . 2008-11-25 11:12 232 --ah----- C:\sqmdata02.sqm
2008-11-24 23:44 . 2008-11-24 23:45 <DIR> d-------- c:\program files\wadoreme
2008-11-24 23:44 . 2008-11-24 23:45 <DIR> d-------- c:\program files\rilukumi
2008-11-24 11:44 . 2008-11-24 11:44 <DIR> d-------- c:\program files\pihumifa
2008-11-24 11:44 . 2008-11-24 11:44 <DIR> d-------- c:\program files\kuzezeve
2008-11-24 10:19 . 2008-11-24 10:19 244 --ah----- C:\sqmnoopt01.sqm
2008-11-24 10:19 . 2008-11-24 10:19 232 --ah----- C:\sqmdata01.sqm
2008-11-23 23:43 . 2008-11-23 23:44 <DIR> d-------- c:\program files\zoyehazo
2008-11-23 23:43 . 2008-11-23 23:44 <DIR> d-------- c:\program files\dubodipi
2008-11-23 11:43 . 2008-11-23 11:44 <DIR> d-------- c:\program files\sanevuki
2008-11-23 11:43 . 2008-11-23 11:44 <DIR> d-------- c:\program files\higubowo
2008-11-22 19:15 . 2008-11-22 19:16 <DIR> d-------- c:\program files\juvamonu
2008-11-22 19:15 . 2008-11-22 19:16 <DIR> d-------- c:\program files\biheseya
2008-11-22 13:04 . 2008-11-22 13:04 244 --ah----- C:\sqmnoopt00.sqm
2008-11-22 13:04 . 2008-11-22 13:04 232 --ah----- C:\sqmdata00.sqm
2008-11-22 07:15 . 2008-11-22 07:15 2,098 ---hs---- c:\windows\system32\rokonuge.exe
2008-11-17 21:33 . 2008-11-17 21:33 2,098 ---hs---- c:\windows\system32\rayeboke.exe
2008-11-17 16:55 . 2008-11-17 16:55 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Malwarebytes
2008-11-17 16:54 . 2006-06-21 13:20 <DIR> d---s---- c:\documents and settings\SJB.I000511\UserData
2008-11-17 16:54 . 2008-03-19 18:28 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Gtek
2008-11-17 16:54 . 2006-06-22 07:54 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\AdobeUM
2008-11-17 16:54 . 2008-11-17 16:54 <DIR> d-------- c:\documents and settings\SJB.I000511
2008-11-17 16:47 . 2008-12-06 14:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 16:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 08:45 . 2008-11-17 08:45 2,372,472 --a------ c:\temp\mbam-setup.exe
2008-11-16 13:27 . 2008-11-16 13:27 2,098 ---hs---- c:\windows\system32\sumavabu.exe
2008-11-16 10:58 . 2008-11-16 13:56 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-16 10:58 . 2008-11-16 13:57 <DIR> d-------- c:\documents and settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58 . 2008-11-16 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:57 . 2008-11-16 10:57 6,637,592 --a------ c:\temp\SUPERAntiSpyware.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 05:41 2,872,018 ----a-r C:\ComboFix.exe
2008-12-11 05:39 --------- d-----w c:\documents and settings\SJB\Application Data\HPAppData
2008-12-11 05:36 --------- d-----w c:\program files\Lx_cats
2008-12-07 20:50 --------- d-----w c:\program files\CamGrab-2Plus
2008-12-06 05:24 --------- d-----w c:\program files\Google
2008-12-06 05:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 06:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-08 18:10 --------- d-----w c:\program files\MSN Messenger
2008-11-01 19:21 --------- d-----w c:\documents and settings\SJB\Application Data\HP
2008-11-01 19:09 --------- d-----w c:\program files\HP
2008-11-01 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-01 19:00 --------- d-----w c:\program files\Hewlett-Packard
2008-11-01 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-30 00:58 40,064 -c--a-w c:\documents and settings\SJB\Application Data\GDIPFONTCACHEV1.DAT
2008-10-16 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2008-10-16 01:59 --------- d-----w c:\documents and settings\SJB\Application Data\Apple Computer
2008-10-15 19:20 --------- d-----w c:\program files\iTunes
2008-10-15 19:20 --------- d-----w c:\program files\iPod
2008-10-15 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 23:04 --------- d-----w c:\documents and settings\SJB\Application Data\webex
2008-10-14 21:38 --------- d-----w c:\program files\MSECACHE
2006-12-29 14:15 626,688 -c--a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 14:15 40,960 -c--a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 -c--a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 14:15 192,512 -c--a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 09:26 1,129,984 -c--a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 -c--a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 49,152 2006-02-17 15:28:36 c:\dell\E-Center\bak\gtb.exe

----a-w 2,019,328 2007-05-03 23:43:38 c:\documents and settings\SJB\My Documents\My Videos\Veoh\AppBackup\bak\VeohClient.exe
----a-w 3,497,984 2008-01-30 19:11:10 c:\documents and settings\SJB\My Documents\My Videos\Veoh\AppBackup\VeohClient.exe

-c--a-r 176,128 2005-10-07 17:13:38 c:\program files\Apoint\bak\Apoint.exe
----a-w 159,744 2007-01-25 21:34:22 c:\program files\Apoint\Apoint.exe

-c--a-w 333,360 2007-03-06 19:45:36 c:\program files\Boingo\GoBoingo\bak\GoBoingo.exe

-c--a-w 147,514 2003-10-07 13:48:56 c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe

-c--a-w 185,896 2006-12-01 23:36:46 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 49,152 2005-12-10 01:29:52 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

-c--a-w 1,032,192 2006-04-06 19:58:52 c:\program files\Dell\QuickSet\bak\quickset.exe

-c--a-w 49,263 2006-10-12 08:10:54 c:\program files\Java\jre1.5.0_09\bin\bak\jusched.exe

-c--a-w 1,694,208 2004-10-13 16:24:37 c:\program files\Messenger\bak\msmsgs.exe

-c--a-w 294,912 2003-04-14 22:11:52 c:\program files\NetDrive\bak\netdrive.exe

-c--a-w 139,320 2004-08-06 07:50:00 c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe

-c--a-w 282,624 2007-04-27 15:41:54 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-09-06 20:09:14 c:\program files\QuickTime\QTTask.exe

-c--a-w 25,367,592 2007-01-12 19:57:44 c:\program files\Skype\Phone\bak\Skype.exe

-c--a-w 2,019,328 2007-05-03 23:43:38 c:\program files\Veoh Networks\Veoh\bak\VeohClient.exe
----a-w 3,660,848 2008-08-28 15:18:24 c:\program files\Veoh Networks\Veoh\VeohClient.exe

-c--a-w 98,304 2006-03-09 17:26:10 c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe

-c--a-w 15,360 2004-08-04 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 c:\windows\system32\ctfmon.exe

-c--a-w 77,824 2005-12-13 21:41:08 c:\windows\system32\bak\hkcmd.exe

-c--a-w 118,784 2005-12-13 21:45:00 c:\windows\system32\bak\igfxpers.exe

-c--a-w 98,304 2005-12-13 21:44:18 c:\windows\system32\bak\igfxtray.exe

-c--a-w 1,347,584 2005-12-19 13:08:42 c:\windows\system32\bak\WLTRAY.exe
----a-w 1,392,640 2007-03-17 00:10:54 c:\windows\system32\WLTRAY.EXE

-c-ha-w 1,980 2007-08-02 03:47:41 c:\windows\system32\wex4962\bak\cachedApps.xml
-c-ha-w 7,126,252 2006-11-27 22:56:18 c:\windows\system32\wex4962\cachedApps.xml

-c-ha-w 552,960 2006-06-06 17:24:32 c:\windows\system32\wex4962\bak\EMMeter.exe
---ha-w 552,960 2006-06-06 17:24:32 c:\windows\system32\wex4962\EMMeter.exe

-c--a-w 3,412 2007-09-24 04:14:59 c:\windows\system32\wex4962\bak\Meter.log
----a-w 114,235 2008-12-11 05:52:15 c:\windows\system32\wex4962\Meter.log

-c-ha-w 780 2007-09-24 04:14:58 c:\windows\system32\wex4962\bak\options.xml
---ha-w 780 2007-07-16 20:38:29 c:\windows\system32\wex4962\options.xml

-c-ha-w 88 2007-08-02 03:47:34 c:\windows\system32\wex4962\bak\RecentApps.xml
---ha-w 88 2006-11-27 22:55:58 c:\windows\system32\wex4962\RecentApps.xml

----a-w 2,019,328 2007-05-03 23:43:38 e:\sarosh\sarosh_office\sarosh_backup\Office\Veoh\AppBackup\bak\VeohClient.exe
----a-w 3,497,984 2008-01-30 19:11:10 e:\sarosh\sarosh_office\sarosh_backup\Office\Veoh\AppBackup\VeohClient.exe

----a-w 2,019,328 2007-05-03 23:43:38 e:\sarosh\Veoh\AppBackup\bak\VeohClient.exe
----a-w 3,497,984 2008-01-30 19:11:10 e:\sarosh\Veoh\AppBackup\VeohClient.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{188a3d40-c1b0-417c-8ebf-bc60f9f46542}]
2008-09-11 00:01 61068 --ahs---- c:\program files\pafikiwu\pafikiwu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"QNPlus"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-04-25 558776]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"kejugolobo"="c:\program files\rarayuna\rarayuna.dll" [2008-09-11 61068]
"c440488d"="c:\program files\kolayela\kolayela.dll" [2008-12-11 86095]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-14 1466384]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-06-13 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-11-08 233744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"= "c:\windows\system32\wex4962\EMMeterHook760.dll" [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\program files\saperiho\saperiho.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Notification Packages REG_MULTI_SZ scecli c:\program files\saperiho\saperiho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 16:16 454784 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 16:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a--c--- 2004-06-04 05:58 57344 c:\program files\Lexmark 5200 Series\lxbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2007-05-17 10:52 505368 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
c:\program files\Skype\Phone\Skype.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
--a--c--- 2007-02-05 16:53 923272 c:\program files\Netbooster Client\Configurator\ventcfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13523:TCP"= 13523:TCP:*:Disabled:BitComet 13523 TCP
"13523:UDP"= 13523:UDP:*:Disabled:BitComet 13523 UDP
"9420:TCP"= 9420:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-06-22 58464]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;c:\windows\system32\FortiSslvpnDaemon.exe [2008-08-14 501280]
R2 VenturiClient;Venturi Client;c:\program files\Netbooster Client\Client\ventc.exe [2007-10-24 2410080]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\program files\NetDrive\rffsd.sys [2007-01-17 67032]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
S2 HostCopy;Hosts Copy;c:\windows\system32\HostCopyXPsrv.exe [2006-06-22 120845]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\DRIVERS\BEFCMU10V4XP.sys [2008-03-01 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-17 38496]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [2007-10-23 100480]
S4 RFNP32;WebDrive Provider; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: vwlsp.dll

c:\windows\Downloaded Program Files\Deployer.ocx - O16 -: {2594A0F4-5D0A-4C84-8458-1620575F82A2}
hxxp://updates.guixt.com/latest/Deployer.ocx

c:\windows\NESetupM.exe.manifest - c:\windows\NESetupM.exe
c:\windows\Downloaded Program Files\NELaunchX.dll
O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://access.varelintl.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 23:50:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\COMRes.dll
c:\windows\system32\RFNP32.DLL
c:\windows\system32\RFHelper.dll
c:\windows\system32\rfhres.dll

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\wibiragu\wibiragu.dll
c:\windows\system32\vwlsp.dll
c:\windows\system32\EntApi.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\saperiho\saperiho.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\windows\system32\wex4962\EMCliSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\program files\NetDrive\wdService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Netbooster Client\squid\ventcsquid.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcunlinkd.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-11 0:07:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-11 06:07:37

Pre-Run: 19,016,392,704 bytes free
Post-Run: 20,198,006,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

417 --- E O F --- 2008-06-24 05:45:34

*-------------------------END ComboFix Log--------------------------------------


*-------------------------BEGIN HijackThis Log-----------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by SJB at 2008-12-11 00:13:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 2038 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\wex4962\EMCliSrv.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\SJB\Desktop\RSIT.exe
C:\WINDOWS\system32\wex4962\emmeter.exe
C:\Program Files\trend micro\SJB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {188a3d40-c1b0-417c-8ebf-bc60f9f46542} - C:\Program Files\pafikiwu\pafikiwu.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [kejugolobo] Rundll32.exe "C:\Program Files\rarayuna\rarayuna.dll",s
O4 - HKLM\..\Run: [c440488d] rundll32.exe "C:\Program Files\kolayela\kolayela.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2594A0F4-5D0A-4C84-8458-1620575F82A2} (SynUpdate Class) - http://updates.guixt.com/latest/Deployer.ocx
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://access.varelintl.com/NELX.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligencegroupusa.webex.com/clien...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Program Files\saperiho\saperiho.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: EMCliSrv - Express Metrix - C:\WINDOWS\system32\wex4962\EMCliSrv.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hosts Copy (HostCopy) - Unknown owner - c:\windows\system32\HostCopyXPsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12734 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{188a3d40-c1b0-417c-8ebf-bc60f9f46542}]
C:\Program Files\pafikiwu\pafikiwu.dll [2008-09-11 61068]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CD20F0-7C09-11D5-A768-0050042307CE}]
Plugin Class - C:\PlayerIE\playerIE.dll [2005-10-24 144912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-17 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2007-04-25 558776]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"kejugolobo"=C:\Program Files\rarayuna\rarayuna.dll [2008-09-11 61068]
"c440488d"=C:\Program Files\kolayela\kolayela.dll [2008-12-11 86095]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"QNPlus"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Program Files\saperiho\saperiho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"=C:\WINDOWS\system32\wex4962\EMMeterHook760.dll [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
"notification packages"=scecli
C:\Program Files\saperiho\saperiho.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"="C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe:*:Enabled:LVComSer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-11 00:01:56 ----D---- C:\Program Files\saperiho
2008-12-11 00:01:56 ----D---- C:\Program Files\rarayuna
2008-12-11 00:01:56 ----D---- C:\Program Files\pafikiwu
2008-12-11 00:01:52 ----D---- C:\Program Files\gitadodi
2008-12-11 00:01:48 ----D---- C:\Program Files\pewodaju
2008-12-11 00:01:48 ----D---- C:\Program Files\kolayela
2008-12-10 23:43:56 ----A---- C:\Boot.bak
2008-12-10 23:43:51 ----RASHD---- C:\cmdcons
2008-12-10 23:41:43 ----A---- C:\WINDOWS\zip.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\sed.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\grep.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 23:41:35 ----D---- C:\WINDOWS\ERDNT
2008-12-10 23:41:35 ----D---- C:\Qoobox
2008-12-10 23:41:06 ----RA---- C:\ComboFix.exe
2008-12-10 23:35:10 ----D---- C:\Documents and Settings\SJB\Application Data\WinRAR
2008-12-10 23:32:56 ----A---- C:\WINDOWS\system32\cdm.dll.wusetup.292718.new
2008-12-10 23:04:09 ----D---- C:\WINDOWS\ERUNT
2008-12-10 22:58:46 ----D---- C:\SDFix
2008-12-10 09:34:20 ----D---- C:\Program Files\vakafeda
2008-12-10 09:34:20 ----D---- C:\Program Files\mabazidu
2008-12-09 10:31:45 ----D---- C:\Program Files\yiyufepa
2008-12-09 10:31:45 ----D---- C:\Program Files\heparira
2008-12-09 10:31:35 ----D---- C:\Program Files\trend micro
2008-12-09 10:31:33 ----D---- C:\rsit
2008-12-08 15:17:47 ----D---- C:\Program Files\tayoyeza
2008-12-08 15:17:47 ----D---- C:\Program Files\haheboye
2008-12-08 14:17:53 ----D---- C:\Program Files\wibiragu
2008-12-08 14:17:53 ----D---- C:\Program Files\hajefora
2008-12-08 14:17:53 ----D---- C:\Program Files\bivewede
2008-12-08 14:17:41 ----D---- C:\Program Files\yokuwalu
2008-12-08 14:17:39 ----D---- C:\Program Files\vitifise
2008-12-08 14:17:39 ----D---- C:\Program Files\pewizasi
2008-12-07 12:12:30 ----D---- C:\Program Files\nokemafu
2008-12-07 12:12:30 ----D---- C:\Program Files\kigebele
2008-12-06 22:37:03 ----D---- C:\Program Files\fuzedanu
2008-12-06 22:37:03 ----D---- C:\Program Files\duweweba
2008-12-06 13:26:38 ----D---- C:\VundoFix Backups
2008-12-06 13:26:38 ----A---- C:\VundoFix.txt
2008-12-06 13:20:39 ----A---- C:\VundoFix.exe
2008-12-06 10:36:45 ----D---- C:\Program Files\vadihihe
2008-12-06 10:36:45 ----D---- C:\Program Files\kuhumepe
2008-12-05 23:24:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-05 23:24:27 ----A---- C:\rapport.txt
2008-12-05 23:23:12 ----D---- C:\SmitfraudFix
2008-12-05 23:15:08 ----A---- C:\SmitfraudFix.exe
2008-12-05 21:34:24 ----D---- C:\Program Files\simafubu
2008-12-05 21:34:24 ----D---- C:\Program Files\motawoma
2008-12-05 21:34:24 ----D---- C:\Program Files\fuvatozi
2008-12-05 21:34:17 ----D---- C:\Program Files\sekapehu
2008-12-05 21:34:16 ----D---- C:\Program Files\legehopo
2008-12-05 21:34:16 ----D---- C:\Program Files\fabuyoju
2008-12-05 09:34:04 ----D---- C:\Program Files\sokofosu
2008-12-05 09:34:04 ----D---- C:\Program Files\kutakobi
2008-12-05 09:29:52 ----A---- C:\mbam-log-2008-12-05 (10-29-44).txt
2008-12-04 20:18:25 ----D---- C:\Program Files\yasulihi
2008-12-04 20:18:25 ----D---- C:\Program Files\kubuwiwu
2008-12-04 08:18:20 ----D---- C:\Program Files\fofiluhi
2008-12-04 08:18:18 ----D---- C:\Program Files\futofeja
2008-12-04 08:18:18 ----D---- C:\Program Files\fazarago
2008-12-04 08:18:07 ----D---- C:\Program Files\lawopuni
2008-12-04 08:18:06 ----D---- C:\Program Files\tububiya
2008-12-04 08:18:06 ----D---- C:\Program Files\potudepa
2008-12-03 10:32:42 ----D---- C:\Program Files\pifiyoso
2008-12-03 10:32:42 ----D---- C:\Program Files\devaheye
2008-12-02 22:32:34 ----D---- C:\Program Files\tokurepa
2008-12-02 22:32:34 ----D---- C:\Program Files\jutimono
2008-12-02 09:17:47 ----D---- C:\Program Files\wonudaya
2008-12-02 09:17:47 ----D---- C:\Program Files\bugohude
2008-12-02 02:35:36 ----D---- C:\Program Files\yotadapi
2008-12-02 02:35:36 ----D---- C:\Program Files\latodowo
2008-12-02 02:35:36 ----D---- C:\Program Files\kiriwosa
2008-12-02 02:35:26 ----D---- C:\Program Files\tuhekejo
2008-12-02 02:35:26 ----D---- C:\Program Files\fusiboyi
2008-12-02 02:35:26 ----D---- C:\Program Files\bisuyilu
2008-12-01 11:51:38 ----D---- C:\Program Files\rugafivo
2008-12-01 11:51:38 ----D---- C:\Program Files\biperime
2008-11-30 12:49:45 ----D---- C:\Program Files\yuvodufu
2008-11-30 12:49:45 ----D---- C:\Program Files\wujiwibe
2008-11-29 13:22:05 ----D---- C:\Program Files\rihesiva
2008-11-29 13:22:05 ----D---- C:\Program Files\munijuri
2008-11-28 22:21:12 ----D---- C:\Program Files\pahogaho
2008-11-28 22:21:12 ----D---- C:\Program Files\kafuzelo
2008-11-28 10:21:50 ----D---- C:\Program Files\polupevu
2008-11-28 10:21:50 ----D---- C:\Program Files\dafejepa
2008-11-27 13:19:34 ----A---- C:\WINDOWS\wininit.ini
2008-11-27 13:19:28 ----D---- C:\Program Files\vapobawu
2008-11-27 13:19:28 ----D---- C:\Program Files\kurapene
2008-11-26 22:53:20 ----D---- C:\Program Files\videpabe
2008-11-26 22:53:20 ----D---- C:\Program Files\tidawuji
2008-11-26 10:53:02 ----D---- C:\Program Files\tahejoga
2008-11-26 10:53:02 ----D---- C:\Program Files\doyijaru
2008-11-25 11:45:00 ----D---- C:\Program Files\punidoko
2008-11-24 23:44:40 ----D---- C:\Program Files\wadoreme
2008-11-24 23:44:40 ----D---- C:\Program Files\rilukumi
2008-11-24 11:44:26 ----D---- C:\Program Files\pihumifa
2008-11-24 11:44:26 ----D---- C:\Program Files\kuzezeve
2008-11-23 23:43:56 ----D---- C:\Program Files\zoyehazo
2008-11-23 23:43:56 ----D---- C:\Program Files\dubodipi
2008-11-23 11:43:36 ----D---- C:\Program Files\sanevuki
2008-11-23 11:43:36 ----D---- C:\Program Files\higubowo
2008-11-22 19:15:50 ----D---- C:\Program Files\juvamonu
2008-11-22 19:15:50 ----D---- C:\Program Files\biheseya
2008-11-22 07:15:38 ----SH---- C:\WINDOWS\system32\rokonuge.exe
2008-11-21 10:50:23 ----A---- C:\PRD Create STD Price 11-21-2008.txt
2008-11-18 17:13:01 ----A---- C:\QAS Create Standard Price.txt
2008-11-17 21:33:26 ----SH---- C:\WINDOWS\system32\rayeboke.exe
2008-11-17 16:47:48 ----D---- C:\Documents and Settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 13:27:05 ----SH---- C:\WINDOWS\system32\sumavabu.exe
2008-11-16 11:08:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-16 10:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-16 10:58:24 ----D---- C:\Documents and Settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-14 10:03:34 ----A---- C:\Standard Price QAS.txt
2008-11-12 23:55:56 ----A---- C:\Copy of Standard Price.txt
2008-11-12 12:57:47 ----A---- C:\Standard Price_old.txt

======List of files/folders modified in the last 1 months======

2008-12-11 00:07:56 ----D---- C:\WINDOWS\Temp
2008-12-11 00:07:50 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 00:07:50 ----D---- C:\WINDOWS\system32
2008-12-11 00:07:48 ----D---- C:\WINDOWS
2008-12-11 00:01:56 ----RD---- C:\Program Files
2008-12-10 23:54:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 23:51:15 ----D---- C:\WINDOWS\Prefetch
2008-12-10 23:50:45 ----A---- C:\WINDOWS\system.ini
2008-12-10 23:49:36 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-10 23:47:12 ----D---- C:\WINDOWS\system32\config
2008-12-10 23:45:12 ----D---- C:\WINDOWS\AppPatch
2008-12-10 23:45:12 ----D---- C:\Program Files\Common Files
2008-12-10 23:44:42 ----D---- C:\Documents and Settings\SJB\Application Data\HPAppData
2008-12-10 23:43:56 ----RASH---- C:\boot.ini
2008-12-10 23:42:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 23:36:03 ----D---- C:\Program Files\Lx_cats
2008-12-10 23:32:50 ----HD---- C:\WINDOWS\inf
2008-12-10 23:32:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 23:28:31 ----SHD---- C:\WINDOWS\CSC
2008-12-10 22:19:07 ----D---- C:\quarantine
2008-12-10 18:09:14 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-09 17:53:11 ----A---- C:\WINDOWS\Saplogon.ini
2008-12-08 22:43:24 ----A---- C:\WINDOWS\system32\EMCliSrv.bak
2008-12-08 15:20:19 ----SHD---- C:\WINDOWS\Installer
2008-12-08 15:20:18 ----HD---- C:\Config.Msi
2008-12-07 14:50:20 ----D---- C:\Program Files\CamGrab-2Plus
2008-12-06 09:36:27 ----D---- C:\WINDOWS\system32\wex4962
2008-12-05 23:24:51 ----D---- C:\Program Files\Google
2008-12-05 23:08:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 19:59:23 ----AC---- C:\WINDOWS\sapgrph.ini
2008-12-01 11:33:17 ----D---- C:\Sarosh_general
2008-11-29 18:18:21 ----D---- C:\Sarosh_visiting visa
2008-11-25 19:37:07 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-23 00:49:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-23 00:49:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 00:49:09 ----D---- C:\Program Files\Adobe
2008-11-17 16:54:25 ----D---- C:\Documents and Settings
2008-11-17 12:04:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 08:56:09 ----D---- C:\Sarosh_misc
2008-11-17 08:45:53 ----D---- C:\Temp
2008-11-15 17:09:30 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 16:53:07 ----A---- C:\WINDOWS\Setup Wizard.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 pppop;PPPoP WAN Adapter; C:\WINDOWS\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-03-20 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem; C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys [2004-07-05 14336]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-06 20096]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-08-07 100480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392]
R2 EMCliSrv;EMCliSrv; C:\WINDOWS\system32\wex4962\EMCliSrv.exe [2006-06-06 245760]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon; C:\WINDOWS\system32\FortiSslvpnDaemon.exe [2007-06-06 501280]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2006-06-08 29184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2007-09-27 53248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2007-04-25 276152]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 HostCopy;Hosts Copy; c:\windows\system32\HostCopyXPsrv.exe [2006-06-06 120845]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

*-------------------------END HijackThis Log--------------------------------------

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 11 December 2008 - 06:52 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\cdm.dll.wusetup.292718.new
C:\VundoFix.exe
C:\SmitfraudFix.exe
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
c:\windows\system32\rokonuge.exe
c:\windows\system32\rayeboke.exe
c:\windows\system32\sumavabu.exe

Folder::
c:\program files\vakafeda
c:\program files\mabazidu
c:\program files\yiyufepa
c:\program files\heparira
c:\program files\tayoyeza
c:\program files\haheboye
c:\program files\yokuwalu
c:\program files\wibiragu
c:\program files\vitifise
c:\program files\pewizasi
c:\program files\hajefora
c:\program files\bivewede
c:\program files\nokemafu
c:\program files\kigebele
c:\program files\fuzedanu
c:\program files\duweweba
c:\program files\vadihihe
c:\program files\kuhumepe
C:\VundoFix Backups
C:\SmitfraudFix
c:\program files\simafubu
c:\program files\sekapehu
c:\program files\motawoma
c:\program files\legehopo
c:\program files\fuvatozi
c:\program files\fabuyoju
c:\program files\sokofosu
c:\program files\kutakobi
c:\program files\yasulihi
c:\program files\kubuwiwu
c:\program files\tububiya
c:\program files\potudepa
c:\program files\lawopuni
c:\program files\futofeja
c:\program files\fofiluhi
c:\program files\fazarago
c:\program files\pifiyoso
c:\program files\devaheye
c:\program files\tokurepa
c:\program files\jutimono
c:\program files\wonudaya
c:\program files\bugohude
c:\program files\yotadapi
c:\program files\tuhekejo
c:\program files\latodowo
c:\program files\kiriwosa
c:\program files\fusiboyi
c:\program files\bisuyilu
c:\program files\rugafivo
c:\program files\biperime
c:\program files\yuvodufu
c:\program files\wujiwibe
c:\program files\rihesiva
c:\program files\munijuri
c:\program files\pahogaho
c:\program files\kafuzelo
c:\program files\polupevu
c:\program files\dafejepa
c:\program files\vapobawu
c:\program files\kurapene
c:\program files\videpabe
c:\program files\tidawuji
c:\program files\tahejoga
c:\program files\doyijaru
c:\program files\punidoko
c:\program files\wadoreme
c:\program files\rilukumi
c:\program files\pihumifa
c:\program files\kuzezeve
c:\program files\zoyehazo
c:\program files\dubodipi
c:\program files\sanevuki
c:\program files\higubowo
c:\program files\juvamonu
c:\program files\biheseya
c:\program files\pafikiwu
c:\program files\rarayuna
c:\program files\kolayela
c:\program files\saperiho
c:\program files\wibiragu

AWF::
c:\dell\E-Center\bak\gtb.exe
c:\documents and settings\SJB\My Documents\My Videos\Veoh\AppBackup\bak\VeohClient.exe
c:\program files\Apoint\bak\Apoint.exe
c:\program files\Boingo\GoBoingo\bak\GoBoingo.exe
c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe
c:\program files\Dell\QuickSet\bak\quickset.exe
c:\program files\Java\jre1.5.0_09\bin\bak\jusched.exe
c:\program files\Messenger\bak\msmsgs.exe
c:\program files\NetDrive\bak\netdrive.exe
c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Skype\Phone\bak\Skype.exe
c:\program files\Veoh Networks\Veoh\bak\VeohClient.exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\bak\WLTRAY.exe
c:\windows\system32\wex4962\bak\cachedApps.xml
c:\windows\system32\wex4962\bak\EMMeter.exe
c:\windows\system32\wex4962\bak\Meter.log
c:\windows\system32\wex4962\bak\options.xml
c:\windows\system32\wex4962\bak\RecentApps.xml
e:\sarosh\sarosh_office\sarosh_backup\Office\Veoh\AppBackup\bak\VeohClient.exe
e:\sarosh\Veoh\AppBackup\bak\VeohClient.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kejugolobo"=-
"c440488d"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{188a3d40-c1b0-417c-8ebf-bc60f9f46542}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
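Two of the values in the Registry:: block above are worth understanding rather than just pasting. "Notification Packages" under Control\Lsa is the list of DLLs lsass.exe loads as password-change notification/filter packages, and "AppInit_DLLs" is a list of DLLs loaded into every process that loads user32.dll; both are classic persistence points, which is why the script resets the first to its XP default and empties the second. The hex(7) literal is a REG_MULTI_SZ in REGEDIT4 (ANSI) encoding and decodes to the single string "scecli". The following Python is an added example, not part of this thread or of ComboFix: it parses a REGEDIT4-style fragment, decodes the hex(7) value and reports anything beyond the expected baseline. The sample fragments, the "scecli"-only baseline and the "bad.dll" entries are constructed for illustration.

```python
import re

# Constructed sample: the two Registry:: lines from the CFScript, as they would
# appear in a REGEDIT4 export. Expected to audit clean.
SAMPLE_CLEAN = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

# Constructed sample of what an infected machine might export: an extra
# notification package ("bad.dll") and a populated AppInit_DLLs. Hypothetical names.
SAMPLE_SUSPECT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\\windows\\system32\\bad.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,\
  62,61,64,2e,64,6c,6c,00,00
'''

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
# Assumption: on Windows XP the only default LSA notification package is scecli.
EXPECTED_NOTIFY = {"scecli"}

KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def parse_reg(text):
    """Return {(key_lower, valuename_lower): raw_value} for a REGEDIT4-style fragment.
    Hex values that continue over several lines (trailing backslash) are joined."""
    entries = {}
    key = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name, value = m.group(1), m.group(2)
        while value.endswith("\\") and i < len(lines):
            value = value[:-1] + lines[i].strip()
            i += 1
        entries[(key, name.lower())] = value
    return entries


def decode_hex7(value):
    """Decode a REGEDIT4 hex(7) literal (REG_MULTI_SZ, one byte per character)
    into its list of strings. Entries are NUL-separated and the list is
    terminated by a double NUL."""
    body = value.strip()
    if not body.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value: %r" % value)
    hexbytes = body[len("hex(7):"):].replace("\\", "")
    raw = bytes(int(b, 16) for b in hexbytes.split(",") if b.strip())
    return [p.decode("latin-1") for p in raw.split(b"\x00") if p]


def decode_sz(value):
    """Unquote a REG_SZ literal, undoing the \\\\ and \\" escapes used by .reg files."""
    body = value.strip()
    if len(body) >= 2 and body[0] == '"' and body[-1] == '"':
        body = body[1:-1]
    return body.replace('\\"', '"').replace("\\\\", "\\")


def audit_lsa_appinit(text):
    """Report LSA notification packages outside the baseline and any non-empty
    AppInit_DLLs. Returns a list of finding strings (empty means clean)."""
    entries = parse_reg(text)
    findings = []
    notify = entries.get((LSA_KEY, "notification packages"))
    if notify is not None:
        for pkg in decode_hex7(notify):
            if pkg.lower() not in EXPECTED_NOTIFY:
                findings.append("unexpected LSA notification package: " + pkg)
    appinit = entries.get((WINDOWS_KEY, "appinit_dlls"))
    if appinit is not None:
        dlls = decode_sz(appinit)
        if dlls.strip():
            findings.append("AppInit_DLLs not empty: " + dlls)
    return findings


if __name__ == "__main__":
    print("clean sample:", audit_lsa_appinit(SAMPLE_CLEAN))
    print("suspect sample:", audit_lsa_appinit(SAMPLE_SUSPECT))
```

The parser only understands the REGEDIT4 flavour used by CFScript and ComboFix logs; a "Windows Registry Editor Version 5.00" export stores hex(7) as UTF-16LE, so the byte-per-character decoding above would need to be adjusted for those files.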


#8 saroshj

saroshj
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:20 AM

Posted 11 December 2008 - 10:54 PM

Hello fenzodahl512,

Here are the logs, please let me know if you need me to do anything else....

*-------------------------BEGIN ComboFix Log---------------------------------------

ComboFix 08-12-11.04 - SJB 2008-12-11 21:15:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1319 [GMT -6:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

FILE ::
C:\SmitfraudFix.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\VundoFix.exe
c:\windows\system32\cdm.dll.wusetup.292718.new
c:\windows\system32\rayeboke.exe
c:\windows\system32\rokonuge.exe
c:\windows\system32\sumavabu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\biheseya
c:\program files\biperime
c:\program files\biperime\biperime.dll
c:\program files\bisuyilu
c:\program files\bivewede
c:\program files\bivewede\bivewede.dll.tmp
c:\program files\bugohude
c:\program files\bugohude\eduhogub.ini2
c:\program files\bugohude\eduhogub.tmp
c:\program files\dafejepa
c:\program files\dafejepa\dafejepa.dll
c:\program files\devaheye
c:\program files\devaheye\devaheye.dll
c:\program files\doyijaru
c:\program files\dubodipi
c:\program files\duweweba
c:\program files\duweweba\duweweba.dll
c:\program files\fabuyoju
c:\program files\fabuyoju\ujoyubaf.ini
c:\program files\fazarago
c:\program files\fofiluhi
c:\program files\fusiboyi
c:\program files\fusiboyi\fusiboyi.dll
c:\program files\futofeja
c:\program files\fuvatozi
c:\program files\fuvatozi\fuvatozi.dll.tmp
c:\program files\fuzedanu
c:\program files\fuzedanu\fuzedanu.dll
c:\program files\fuzedanu\unadezuf.ini
c:\program files\haheboye
c:\program files\haheboye\eyobehah.ini
c:\program files\haheboye\haheboye.dll
c:\program files\hajefora
c:\program files\heparira
c:\program files\heparira\heparira.dll
c:\program files\higubowo
c:\program files\jutimono
c:\program files\jutimono\jutimono.dll
c:\program files\juvamonu
c:\program files\kafuzelo
c:\program files\kafuzelo\olezufak.ini
c:\program files\kigebele
c:\program files\kigebele\kigebele.dll
c:\program files\kiriwosa
c:\program files\kiriwosa\kiriwosa.dll.tmp
c:\program files\kolayela
c:\program files\kolayela\aleyalok.ini
c:\program files\kubuwiwu
c:\program files\kubuwiwu\uwiwubuk.ini
c:\program files\kuhumepe
c:\program files\kuhumepe\kuhumepe.dll
c:\program files\kurapene
c:\program files\kutakobi
c:\program files\kutakobi\kutakobi.dll
c:\program files\kuzezeve
c:\program files\latodowo
c:\program files\lawopuni
c:\program files\lawopuni\lawopuni.dll
c:\program files\legehopo
c:\program files\legehopo\legehopo.dll
c:\program files\mabazidu
c:\program files\mabazidu\mabazidu.dll
c:\program files\motawoma
c:\program files\munijuri
c:\program files\munijuri\irujinum.ini
c:\program files\nokemafu
c:\program files\nokemafu\nokemafu.dll
c:\program files\nokemafu\ufamekon.ini
c:\program files\pafikiwu
c:\program files\pafikiwu\pafikiwu.dll
c:\program files\pahogaho
c:\program files\pahogaho\pahogaho.dll
c:\program files\pewizasi
c:\program files\pewizasi\isaziwep.ini
c:\program files\pewizasi\pewizasi.dll
c:\program files\pifiyoso
c:\program files\pifiyoso\osoyifip.ini
c:\program files\pihumifa
c:\program files\polupevu
c:\program files\polupevu\uvepulop.ini
c:\program files\potudepa
c:\program files\potudepa\potudepa.dll
c:\program files\punidoko
c:\program files\rarayuna
c:\program files\rihesiva
c:\program files\rihesiva\rihesiva.dll
c:\program files\rilukumi
c:\program files\rugafivo
c:\program files\sanevuki
c:\program files\saperiho
c:\program files\saperiho\saperiho.dll
c:\program files\sekapehu
c:\program files\sekapehu\sekapehu.dll
c:\program files\simafubu
c:\program files\simafubu\simafubu.dll.tmp
c:\program files\sokofosu
c:\program files\sokofosu\usofokos.ini
c:\program files\tahejoga
c:\program files\tahejoga\agojehat.ini
c:\program files\tayoyeza
c:\program files\tayoyeza\tayoyeza.dll
c:\program files\tidawuji
c:\program files\tokurepa
c:\program files\tokurepa\aperukot.ini
c:\program files\tububiya
c:\program files\tububiya\ayibubut.ini
c:\program files\tuhekejo
c:\program files\tuhekejo\tuhekejo.dll
c:\program files\vadihihe
c:\program files\vadihihe\ehihidav.ini
c:\program files\vakafeda
c:\program files\vakafeda\adefakav.ini
c:\program files\vakafeda\vakafeda.dll
c:\program files\vapobawu
c:\program files\vapobawu\uwabopav.ini
c:\program files\videpabe
c:\program files\videpabe\ebapediv.ini
c:\program files\vitifise
c:\program files\vitifise\vitifise.dll
c:\program files\wadoreme
c:\program files\wibiragu
c:\program files\wibiragu\wibiragu.dll.tmp
c:\program files\wonudaya
c:\program files\wujiwibe
c:\program files\wujiwibe\ebiwijuw.ini
c:\program files\yasulihi
c:\program files\yiyufepa
c:\program files\yiyufepa\apefuyiy.ini
c:\program files\yiyufepa\yiyufepa.dll
c:\program files\yokuwalu
c:\program files\yokuwalu\yokuwalu.dll
c:\program files\yotadapi
c:\program files\yotadapi\yotadapi.dll.tmp
c:\program files\yuvodufu
c:\program files\yuvodufu\yuvodufu.dll
c:\program files\zoyehazo
C:\SmitfraudFix
C:\SmitfraudFix.exe
c:\smitfraudfix\404Fix.exe
c:\smitfraudfix\beep_2K_original.sys
c:\smitfraudfix\beep_XP_original.sys
c:\smitfraudfix\dumphive.exe
c:\smitfraudfix\exit.exe
c:\smitfraudfix\GenericRenosFix.exe
c:\smitfraudfix\HostsChk.exe
c:\smitfraudfix\IEDFix.C.exe
c:\smitfraudfix\IEDFix.exe
c:\smitfraudfix\o4Patch.exe
c:\smitfraudfix\Policies.exe
c:\smitfraudfix\Process.exe
c:\smitfraudfix\Reboot.exe
c:\smitfraudfix\restart.exe
c:\smitfraudfix\SmitfraudFix.cmd
c:\smitfraudfix\SmiUpdate.exe
c:\smitfraudfix\SrchSTS.exe
c:\smitfraudfix\swreg.exe
c:\smitfraudfix\swsc.exe
c:\smitfraudfix\swxcacls.exe
c:\smitfraudfix\UIFix.exe
c:\smitfraudfix\unzip.exe
c:\smitfraudfix\VACFix.exe
c:\smitfraudfix\VCCLSID.exe
c:\smitfraudfix\WS2Fix.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\VundoFix Backups
C:\VundoFix.exe
c:\windows\system32\cdm.dll.wusetup.292718.new
c:\windows\system32\rayeboke.exe
c:\windows\system32\rokonuge.exe
c:\windows\system32\sumavabu.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-11 19:57 . 2008-10-16 14:09 92,696 --a------ c:\windows\system32\cdm.dll.wusetup.228593.new
2008-12-11 12:02 . 2008-12-11 12:02 <DIR> d-------- c:\program files\ruvoyenu
2008-12-11 12:02 . 2008-12-11 19:44 <DIR> d-------- c:\program files\rusejafe
2008-12-11 09:59 . 2008-12-11 21:13 2,872,683 -ra------ C:\ComboFix.exe
2008-12-11 00:01 . 2008-12-11 00:01 <DIR> d-------- c:\program files\pewodaju
2008-12-11 00:01 . 2008-12-11 00:01 <DIR> d-------- c:\program files\gitadodi
2008-12-10 23:04 . 2008-12-10 23:04 <DIR> d-------- c:\windows\ERUNT
2008-12-10 23:03 . 2008-12-10 23:03 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\DivX
2008-12-10 22:58 . 2008-12-11 21:12 <DIR> d-------- C:\SDFix
2008-12-10 22:20 . 2008-12-11 20:01 1,597,158 --a------ C:\SDFix.zip
2008-12-09 10:31 . 2008-12-09 10:40 <DIR> d-------- C:\rsit
2008-12-09 10:31 . 2008-12-11 00:13 <DIR> d-------- c:\program files\trend micro
2008-11-27 13:19 . 2008-11-27 13:19 54 --a------ c:\windows\wininit.ini
2008-11-25 19:30 . 2008-11-25 19:30 0 --a------ c:\windows\system32\ź;ź;
2008-11-25 11:12 . 2008-11-25 11:12 244 --ah----- C:\sqmnoopt02.sqm
2008-11-25 11:12 . 2008-11-25 11:12 232 --ah----- C:\sqmdata02.sqm
2008-11-17 16:55 . 2008-11-17 16:55 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Malwarebytes
2008-11-17 16:54 . 2006-06-21 13:20 <DIR> d---s---- c:\documents and settings\SJB.I000511\UserData
2008-11-17 16:54 . 2008-03-19 18:28 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Gtek
2008-11-17 16:54 . 2006-06-22 07:54 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\AdobeUM
2008-11-17 16:54 . 2008-11-17 16:54 <DIR> d-------- c:\documents and settings\SJB.I000511
2008-11-17 16:47 . 2008-12-06 14:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 16:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 08:45 . 2008-11-17 08:45 2,372,472 --a------ c:\temp\mbam-setup.exe
2008-11-16 10:58 . 2008-11-16 13:56 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-16 10:58 . 2008-11-16 13:57 <DIR> d-------- c:\documents and settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58 . 2008-11-16 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:57 . 2008-11-16 10:57 6,637,592 --a------ c:\temp\SUPERAntiSpyware.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 03:12 --------- d-----w c:\documents and settings\SJB\Application Data\HPAppData
2008-12-12 01:59 --------- d-----w c:\program files\QuickTime
2008-12-12 01:59 --------- d-----w c:\program files\NetDrive
2008-12-12 01:59 --------- d-----w c:\program files\Apoint
2008-12-11 05:36 --------- d-----w c:\program files\Lx_cats
2008-12-07 20:50 --------- d-----w c:\program files\CamGrab-2Plus
2008-12-06 05:24 --------- d-----w c:\program files\Google
2008-12-06 05:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 06:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-08 18:10 --------- d-----w c:\program files\MSN Messenger
2008-11-01 19:21 --------- d-----w c:\documents and settings\SJB\Application Data\HP
2008-11-01 19:09 --------- d-----w c:\program files\HP
2008-11-01 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-01 19:00 --------- d-----w c:\program files\Hewlett-Packard
2008-11-01 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-30 00:58 40,064 -c--a-w c:\documents and settings\SJB\Application Data\GDIPFONTCACHEV1.DAT
2008-10-16 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2008-10-16 01:59 --------- d-----w c:\documents and settings\SJB\Application Data\Apple Computer
2008-10-15 19:20 --------- d-----w c:\program files\iTunes
2008-10-15 19:20 --------- d-----w c:\program files\iPod
2008-10-15 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 23:04 --------- d-----w c:\documents and settings\SJB\Application Data\webex
2008-10-14 21:38 --------- d-----w c:\program files\MSECACHE
2006-12-29 14:15 626,688 -c--a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 14:15 40,960 -c--a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 -c--a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 14:15 192,512 -c--a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 09:26 1,129,984 -c--a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 -c--a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_23.53.55.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-11 05:02:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-11 17:15:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 05:02:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-11 17:15:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-13 21:41:08 77,824 -c--a-w c:\windows\system32\hkcmd.exe
+ 2005-12-13 21:45:00 118,784 -c--a-w c:\windows\system32\igfxpers.exe
+ 2005-12-13 21:44:18 98,304 -c--a-w c:\windows\system32\igfxtray.exe
- 2008-12-11 05:33:17 65,806 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-12 03:14:00 65,806 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 05:33:18 410,502 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-12 03:14:00 410,502 ----a-w c:\windows\system32\perfh009.dat
- 2007-03-17 00:10:54 1,392,640 ----a-w c:\windows\system32\WLTRAY.EXE
+ 2005-12-19 13:08:42 1,347,584 -c--a-w c:\windows\system32\WLTRAY.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"QNPlus"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-04-25 558776]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-14 1466384]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-06-13 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-11-08 233744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"= "c:\windows\system32\wex4962\EMMeterHook760.dll" [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 16:16 454784 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 16:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a--c--- 2004-06-04 05:58 57344 c:\program files\Lexmark 5200 Series\lxbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2007-05-17 10:52 505368 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-27 09:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a--c--- 2007-01-12 13:57 25367592 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
--a--c--- 2007-02-05 16:53 923272 c:\program files\Netbooster Client\Configurator\ventcfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a--c--- 2007-05-03 17:43 2019328 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13523:TCP"= 13523:TCP:*:Disabled:BitComet 13523 TCP
"13523:UDP"= 13523:UDP:*:Disabled:BitComet 13523 UDP
"9420:TCP"= 9420:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-06-22 58464]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;c:\windows\system32\FortiSslvpnDaemon.exe [2008-08-14 501280]
R2 VenturiClient;Venturi Client;c:\program files\Netbooster Client\Client\ventc.exe [2007-10-24 2410080]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\program files\NetDrive\rffsd.sys [2007-01-17 67032]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
S2 HostCopy;Hosts Copy;c:\windows\system32\HostCopyXPsrv.exe [2006-06-22 120845]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\DRIVERS\BEFCMU10V4XP.sys [2008-03-01 14336]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [2007-10-23 100480]
S4 RFNP32;WebDrive Provider; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: vwlsp.dll

c:\windows\Downloaded Program Files\Deployer.ocx - O16 -: {2594A0F4-5D0A-4C84-8458-1620575F82A2}
hxxp://updates.guixt.com/latest/Deployer.ocx

c:\windows\NESetupM.exe.manifest - c:\windows\NESetupM.exe
c:\windows\Downloaded Program Files\NELaunchX.dll
O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://access.varelintl.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 21:20:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\RFNP32.DLL
c:\windows\system32\RFHelper.dll
c:\windows\system32\rfhres.dll

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\vwlsp.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\windows\system32\wex4962\EMCliSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\program files\NetDrive\wdService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Netbooster Client\squid\ventcsquid.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcunlinkd.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Network Associates\VirusScan\scan32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-12-11 21:24:36 - machine was rebooted [SJB]
ComboFix-quarantined-files.txt 2008-12-12 03:24:20

Pre-Run: 20,063,993,856 bytes free
Post-Run: 20,003,352,576 bytes free

467 --- E O F --- 2008-06-24 05:45:34

*-------------------------END ComboFix Log---------------------------------------


*-------------------------BEGIN HijackThis Log---------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by SJB at 2008-12-11 21:50:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 2038 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\wex4962\EMCliSrv.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\SJB\Desktop\RSIT.exe
C:\Program Files\trend micro\SJB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2594A0F4-5D0A-4C84-8458-1620575F82A2} (SynUpdate Class) - http://updates.guixt.com/latest/Deployer.ocx
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://access.varelintl.com/NELX.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligencegroupusa.webex.com/clien...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: EMCliSrv - Express Metrix - C:\WINDOWS\system32\wex4962\EMCliSrv.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hosts Copy (HostCopy) - Unknown owner - c:\windows\system32\HostCopyXPsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12287 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CD20F0-7C09-11D5-A768-0050042307CE}]
Plugin Class - C:\PlayerIE\playerIE.dll [2005-10-24 144912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-17 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2007-04-25 558776]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"QNPlus"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-01-12 25367592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2007-05-03 2019328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"=C:\WINDOWS\system32\wex4962\EMMeterHook760.dll [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"="C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe:*:Enabled:LVComSer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-11 21:24:38 ----A---- C:\ComboFix.txt
2008-12-11 21:17:56 ----D---- C:\WINDOWS\temp
2008-12-11 19:57:54 ----A---- C:\WINDOWS\system32\cdm.dll.wusetup.228593.new
2008-12-11 12:02:10 ----D---- C:\Program Files\ruvoyenu
2008-12-11 12:02:10 ----D---- C:\Program Files\rusejafe
2008-12-11 10:00:04 ----SHD---- C:\RECYCLER
2008-12-11 00:01:52 ----D---- C:\Program Files\gitadodi
2008-12-11 00:01:48 ----D---- C:\Program Files\pewodaju
2008-12-10 23:43:56 ----A---- C:\Boot.bak
2008-12-10 23:43:51 ----RASHD---- C:\cmdcons
2008-12-10 23:41:43 ----A---- C:\WINDOWS\zip.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\sed.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\grep.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 23:41:35 ----D---- C:\WINDOWS\ERDNT
2008-12-10 23:41:35 ----D---- C:\Qoobox
2008-12-10 23:35:10 ----D---- C:\Documents and Settings\SJB\Application Data\WinRAR
2008-12-10 23:04:09 ----D---- C:\WINDOWS\ERUNT
2008-12-10 22:58:46 ----D---- C:\SDFix
2008-12-09 10:31:35 ----D---- C:\Program Files\trend micro
2008-12-09 10:31:33 ----D---- C:\rsit
2008-12-06 13:26:38 ----A---- C:\VundoFix.txt
2008-12-05 23:24:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-05 23:24:27 ----A---- C:\rapport.txt
2008-12-05 09:29:52 ----A---- C:\mbam-log-2008-12-05 (10-29-44).txt
2008-11-27 13:19:34 ----A---- C:\WINDOWS\wininit.ini
2008-11-21 10:50:23 ----A---- C:\PRD Create STD Price 11-21-2008.txt
2008-11-18 17:13:01 ----A---- C:\QAS Create Standard Price.txt
2008-11-17 16:47:48 ----D---- C:\Documents and Settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 11:08:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-16 10:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-16 10:58:24 ----D---- C:\Documents and Settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-14 10:03:34 ----A---- C:\Standard Price QAS.txt
2008-11-12 23:55:56 ----A---- C:\Copy of Standard Price.txt
2008-11-12 12:57:47 ----A---- C:\Standard Price_old.txt

======List of files/folders modified in the last 1 months======

2008-12-11 21:47:14 ----D---- C:\quarantine
2008-12-11 21:24:57 ----D---- C:\WINDOWS\system32
2008-12-11 21:24:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 21:24:44 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 21:24:44 ----D---- C:\WINDOWS\Prefetch
2008-12-11 21:24:41 ----D---- C:\WINDOWS
2008-12-11 21:20:43 ----A---- C:\WINDOWS\system.ini
2008-12-11 21:20:16 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-11 21:18:56 ----D---- C:\WINDOWS\system32\config
2008-12-11 21:16:32 ----D---- C:\Program Files\Common Files
2008-12-11 21:16:31 ----D---- C:\WINDOWS\AppPatch
2008-12-11 21:14:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 21:14:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 21:12:19 ----D---- C:\Documents and Settings\SJB\Application Data\HPAppData
2008-12-11 20:22:27 ----SHD---- C:\WINDOWS\CSC
2008-12-11 19:59:28 ----D---- C:\WINDOWS\system32\wex4962
2008-12-11 19:59:27 ----D---- C:\Program Files\QuickTime
2008-12-11 19:59:27 ----D---- C:\Program Files\NetDrive
2008-12-11 19:59:27 ----D---- C:\Program Files\Messenger
2008-12-11 19:59:24 ----D---- C:\Program Files\Apoint
2008-12-11 19:48:58 ----RD---- C:\Program Files
2008-12-10 23:43:56 ----RASH---- C:\boot.ini
2008-12-10 23:36:03 ----D---- C:\Program Files\Lx_cats
2008-12-10 23:32:50 ----HD---- C:\WINDOWS\inf
2008-12-10 18:09:14 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-09 17:53:11 ----A---- C:\WINDOWS\Saplogon.ini
2008-12-08 22:43:24 ----A---- C:\WINDOWS\system32\EMCliSrv.bak
2008-12-08 15:20:19 ----SHD---- C:\WINDOWS\Installer
2008-12-08 15:20:18 ----HD---- C:\Config.Msi
2008-12-07 14:50:20 ----D---- C:\Program Files\CamGrab-2Plus
2008-12-05 23:24:51 ----D---- C:\Program Files\Google
2008-12-05 23:08:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 19:59:23 ----AC---- C:\WINDOWS\sapgrph.ini
2008-12-01 11:33:17 ----D---- C:\Sarosh_general
2008-11-29 18:18:21 ----D---- C:\Sarosh_visiting visa
2008-11-25 19:37:07 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-23 00:49:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-23 00:49:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 00:49:09 ----D---- C:\Program Files\Adobe
2008-11-17 16:54:25 ----D---- C:\Documents and Settings
2008-11-17 12:04:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 08:56:09 ----D---- C:\Sarosh_misc
2008-11-17 08:45:53 ----D---- C:\Temp
2008-11-15 17:09:30 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 16:53:07 ----A---- C:\WINDOWS\Setup Wizard.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 pppop;PPPoP WAN Adapter; C:\WINDOWS\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-03-20 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem; C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys [2004-07-05 14336]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-06 20096]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-08-07 100480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392]
R2 EMCliSrv;EMCliSrv; C:\WINDOWS\system32\wex4962\EMCliSrv.exe [2006-06-06 245760]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon; C:\WINDOWS\system32\FortiSslvpnDaemon.exe [2007-06-06 501280]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2006-06-08 29184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2007-09-27 53248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2007-04-25 276152]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 HostCopy;Hosts Copy; c:\windows\system32\HostCopyXPsrv.exe [2006-06-06 120845]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

*-------------------------END HijackThis Log---------------------------------------

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 11 December 2008 - 11:43 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
RFNP32

File::
c:\windows\system32\cdm.dll.wusetup.228593.new

Folder::
c:\program files\ruvoyenu
c:\program files\rusejafe
c:\program files\pewodaju
c:\program files\gitadodi

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by fenzodahl512, 11 December 2008 - 11:44 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
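The CFScript procedure above asks for the ComboFix log back so the helper can confirm that the listed file, folders and driver were actually removed. As an added example for this thread (not fenzodahl512's code and not part of ComboFix), the Python script below does that cross-check automatically: it parses the File::/Folder::/Driver:: sections of a CFScript and the "Other Deletions" and "Drivers/Services" sections of the ComboFix log, and reports every script entry the log does not confirm. The sample script and log are constructed from the lines posted in this thread; the only assumptions are the banner layout and the `-------\Legacy_<name>` / `-------\Service_<name>` lines visible there.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote when it ran.

Added example for this thread; not fenzodahl512's code and not part of ComboFix.
Assumes only the log layout visible in the posted log: section banners wrapped in
'(((' ... ')))', paths listed one per line under 'Other Deletions', and
'-------\\Legacy_<name>' / '-------\\Service_<name>' lines under 'Drivers/Services'.
"""
import re

# Constructed from the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""KillAll::

Driver::
RFNP32

File::
c:\windows\system32\cdm.dll.wusetup.228593.new

Folder::
c:\program files\ruvoyenu
c:\program files\rusejafe
c:\program files\pewodaju
c:\program files\gitadodi
"""

# Constructed excerpt of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""ComboFix 08-12-11.06 - SJB 2008-12-12 10:42:08.4 - NTFSx86
Command switches used :: C:\CFScript.txt

FILE ::
c:\windows\system32\cdm.dll.wusetup.228593.new
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\gitadodi
c:\program files\gitadodi\gitadodi.dll
c:\program files\pewodaju
c:\program files\pewodaju\pewodaju.dll
c:\program files\rusejafe
c:\program files\rusejafe\efajesur.ini
c:\program files\ruvoyenu
c:\program files\ruvoyenu\ruvoyenu.dll
c:\windows\system32\cdm.dll.wusetup.228593.new

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RFNP32
-------\Service_RFNP32

((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.
2008-12-12 10:26 . 2008-12-12 10:26 2,872,963 -ra------ C:\ComboFix.exe
"""

_SECTION_HEADER = re.compile(r"^(\w+)::$")                  # 'File::', 'Driver::', ...
_BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")                # '((( Other Deletions )))'
_SERVICE_LINE = re.compile(r"^-------\\(?:Legacy|Service)_(.+)$")


def parse_cfscript(text):
    """Map each CFScript section name ('File', 'Folder', 'Driver', ...) to its entries."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _SECTION_HEADER.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return (deleted_paths, removed_services) as lower-cased sets."""
    deleted, services = set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = _BANNER.match(line)
        if banner:
            section = banner.group(1)   # track which log section we are in
            continue
        if not line or line == ".":
            continue
        if section == "Other Deletions":
            deleted.add(line.lower())
        elif section == "Drivers/Services":
            svc = _SERVICE_LINE.match(line)
            if svc:
                services.add(svc.group(1).lower())
    return deleted, services


def unconfirmed_entries(script_text, log_text):
    """List the CFScript File/Folder/Driver entries the log does not show as removed."""
    script = parse_cfscript(script_text)
    deleted, services = parse_combofix_log(log_text)
    missing = [p for p in script.get("File", []) + script.get("Folder", [])
               if p.lower() not in deleted]
    missing += [d for d in script.get("Driver", []) if d.lower() not in services]
    return missing


if __name__ == "__main__":
    leftovers = unconfirmed_entries(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    if leftovers:
        print("Not confirmed removed by the log:")
        for entry in leftovers:
            print("  " + entry)
    else:
        print("Every CFScript entry appears in the ComboFix deletions.")
```

Run it with the real CFScript.txt and the returned ComboFix.txt in place of the samples; an empty result means every requested removal is recorded in the log, while any entry it lists is one to look for again in the fresh HijackThis log before declaring the machine clean.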


#10 saroshj

saroshj
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 12 December 2008 - 11:56 AM

Hello fenzodahl512,


Here are the logs; please let me know if you need me to do anything else....

*-------------------------BEGIN ComboFix Log---------------------------------------
ComboFix 08-12-11.06 - SJB 2008-12-12 10:42:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1547 [GMT -6:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\cdm.dll.wusetup.228593.new
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\gitadodi
c:\program files\gitadodi\gitadodi.dll
c:\program files\pewodaju
c:\program files\pewodaju\pewodaju.dll
c:\program files\rusejafe
c:\program files\rusejafe\efajesur.ini
c:\program files\ruvoyenu
c:\program files\ruvoyenu\ruvoyenu.dll
c:\windows\system32\cdm.dll.wusetup.228593.new

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RFNP32
-------\Service_RFNP32


((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-12 10:26 . 2008-12-12 10:26 2,872,963 -ra------ C:\ComboFix.exe
2008-12-12 09:40 . 2008-10-16 14:09 92,696 --a------ c:\windows\system32\cdm.dll.wusetup.44423875.new
2008-12-10 23:04 . 2008-12-10 23:04 <DIR> d-------- c:\windows\ERUNT
2008-12-10 23:03 . 2008-12-10 23:03 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\DivX
2008-12-10 22:58 . 2008-12-12 10:26 <DIR> d-------- C:\SDFix
2008-12-10 22:20 . 2008-12-11 20:01 1,597,158 --a------ C:\SDFix.zip
2008-12-09 10:31 . 2008-12-09 10:40 <DIR> d-------- C:\rsit
2008-12-09 10:31 . 2008-12-11 21:50 <DIR> d-------- c:\program files\trend micro
2008-11-27 13:19 . 2008-11-27 13:19 54 --a------ c:\windows\wininit.ini
2008-11-25 19:30 . 2008-11-25 19:30 0 --a------ c:\windows\system32\ź;ź;
2008-11-25 11:12 . 2008-11-25 11:12 244 --ah----- C:\sqmnoopt02.sqm
2008-11-25 11:12 . 2008-11-25 11:12 232 --ah----- C:\sqmdata02.sqm
2008-11-17 16:55 . 2008-11-17 16:55 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Malwarebytes
2008-11-17 16:54 . 2006-06-21 13:20 <DIR> d---s---- c:\documents and settings\SJB.I000511\UserData
2008-11-17 16:54 . 2008-03-19 18:28 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\Gtek
2008-11-17 16:54 . 2006-06-22 07:54 <DIR> d-------- c:\documents and settings\SJB.I000511\Application Data\AdobeUM
2008-11-17 16:54 . 2008-11-17 16:54 <DIR> d-------- c:\documents and settings\SJB.I000511
2008-11-17 16:47 . 2008-12-06 14:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-11-17 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 16:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 08:45 . 2008-11-17 08:45 2,372,472 --a------ c:\temp\mbam-setup.exe
2008-11-16 10:58 . 2008-11-16 13:56 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-16 10:58 . 2008-11-16 13:57 <DIR> d-------- c:\documents and settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58 . 2008-11-16 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:57 . 2008-11-16 10:57 6,637,592 --a------ c:\temp\SUPERAntiSpyware.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:48 --------- d-----w c:\documents and settings\SJB\Application Data\HPAppData
2008-12-12 01:59 --------- d-----w c:\program files\QuickTime
2008-12-12 01:59 --------- d-----w c:\program files\NetDrive
2008-12-12 01:59 --------- d-----w c:\program files\Apoint
2008-12-11 05:36 --------- d-----w c:\program files\Lx_cats
2008-12-07 20:50 --------- d-----w c:\program files\CamGrab-2Plus
2008-12-06 05:24 --------- d-----w c:\program files\Google
2008-12-06 05:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 06:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-08 18:10 --------- d-----w c:\program files\MSN Messenger
2008-11-01 19:21 --------- d-----w c:\documents and settings\SJB\Application Data\HP
2008-11-01 19:09 --------- d-----w c:\program files\HP
2008-11-01 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-01 19:00 --------- d-----w c:\program files\Hewlett-Packard
2008-11-01 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-30 00:58 40,064 -c--a-w c:\documents and settings\SJB\Application Data\GDIPFONTCACHEV1.DAT
2008-10-16 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2008-10-16 01:59 --------- d-----w c:\documents and settings\SJB\Application Data\Apple Computer
2008-10-15 19:20 --------- d-----w c:\program files\iTunes
2008-10-15 19:20 --------- d-----w c:\program files\iPod
2008-10-15 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 23:04 --------- d-----w c:\documents and settings\SJB\Application Data\webex
2008-10-14 21:38 --------- d-----w c:\program files\MSECACHE
2006-12-29 14:15 626,688 -c--a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 14:15 40,960 -c--a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 -c--a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 14:15 192,512 -c--a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 09:26 1,129,984 -c--a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 -c--a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_23.53.55.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-11 05:02:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-11 17:15:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 05:02:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-11 17:15:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-13 21:41:08 77,824 -c--a-w c:\windows\system32\hkcmd.exe
+ 2005-12-13 21:45:00 118,784 -c--a-w c:\windows\system32\igfxpers.exe
+ 2005-12-13 21:44:18 98,304 -c--a-w c:\windows\system32\igfxtray.exe
- 2008-12-11 05:33:17 65,806 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-12 03:24:57 65,806 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 05:33:18 410,502 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-12 03:24:57 410,502 ----a-w c:\windows\system32\perfh009.dat
- 2007-03-17 00:10:54 1,392,640 ----a-w c:\windows\system32\WLTRAY.EXE
+ 2005-12-19 13:08:42 1,347,584 -c--a-w c:\windows\system32\WLTRAY.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"QNPlus"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-04-25 558776]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-14 1466384]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-06-13 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-11-08 233744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"= "c:\windows\system32\wex4962\EMMeterHook760.dll" [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 16:16 454784 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 16:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a--c--- 2004-06-04 05:58 57344 c:\program files\Lexmark 5200 Series\lxbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2007-05-17 10:52 505368 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-27 09:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a--c--- 2007-01-12 13:57 25367592 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
--a--c--- 2007-02-05 16:53 923272 c:\program files\Netbooster Client\Configurator\ventcfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a--c--- 2007-05-03 17:43 2019328 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13523:TCP"= 13523:TCP:*:Disabled:BitComet 13523 TCP
"13523:UDP"= 13523:UDP:*:Disabled:BitComet 13523 UDP
"9420:TCP"= 9420:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-06-22 58464]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;c:\windows\system32\FortiSslvpnDaemon.exe [2008-08-14 501280]
R2 VenturiClient;Venturi Client;c:\program files\Netbooster Client\Client\ventc.exe [2007-10-24 2410080]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\program files\NetDrive\rffsd.sys [2007-01-17 67032]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
S2 HostCopy;Hosts Copy;c:\windows\system32\HostCopyXPsrv.exe [2006-06-22 120845]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\DRIVERS\BEFCMU10V4XP.sys [2008-03-01 14336]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [2007-10-23 100480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: vwlsp.dll

c:\windows\Downloaded Program Files\Deployer.ocx - O16 -: {2594A0F4-5D0A-4C84-8458-1620575F82A2}
hxxp://updates.guixt.com/latest/Deployer.ocx

c:\windows\NESetupM.exe.manifest - c:\windows\NESetupM.exe
c:\windows\Downloaded Program Files\NELaunchX.dll
O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://access.varelintl.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 10:46:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\vwlsp.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\windows\system32\wex4962\EMCliSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\program files\NetDrive\wdService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Netbooster Client\squid\ventcsquid.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcdnsserver.exe
c:\program files\Netbooster Client\squid\ventcunlinkd.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Network Associates\VirusScan\scan32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-12-12 10:51:01 - machine was rebooted [SJB]
ComboFix-quarantined-files.txt 2008-12-12 16:50:43
ComboFix2.txt 2008-12-12 03:24:38

Pre-Run: 19,985,010,688 bytes free
Post-Run: 19,924,779,008 bytes free

286 --- E O F --- 2008-06-24 05:45:34

*-------------------------END ComboFix Log---------------------------------------

*-------------------------BEGIN HijackThis Log---------------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by SJB at 2008-12-12 10:52:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 2038 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52, on 2008-12-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\wex4962\EMCliSrv.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\SJB\Desktop\RSIT.exe
C:\Program Files\trend micro\SJB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2594A0F4-5D0A-4C84-8458-1620575F82A2} (SynUpdate Class) - http://updates.guixt.com/latest/Deployer.ocx
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://access.varelintl.com/NELX.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligencegroupusa.webex.com/clien...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: EMCliSrv - Express Metrix - C:\WINDOWS\system32\wex4962\EMCliSrv.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hosts Copy (HostCopy) - Unknown owner - c:\windows\system32\HostCopyXPsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12221 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CD20F0-7C09-11D5-A768-0050042307CE}]
Plugin Class - C:\PlayerIE\playerIE.dll [2005-10-24 144912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-17 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2007-04-25 558776]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"QNPlus"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-01-12 25367592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator]
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2007-05-03 2019328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{606427C1-E5F0-4001-832B-BD7DF391ECA7}"=C:\WINDOWS\system32\wex4962\EMMeterHook760.dll [2006-06-06 163840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"="C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe:*:Enabled:LVComSer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-12 10:51:03 ----A---- C:\ComboFix.txt
2008-12-12 10:44:14 ----D---- C:\WINDOWS\temp
2008-12-12 09:40:08 ----A---- C:\WINDOWS\system32\cdm.dll.wusetup.44423875.new
2008-12-11 10:00:04 ----SHD---- C:\RECYCLER
2008-12-10 23:43:56 ----A---- C:\Boot.bak
2008-12-10 23:43:51 ----RASHD---- C:\cmdcons
2008-12-10 23:41:43 ----A---- C:\WINDOWS\zip.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\sed.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\grep.exe
2008-12-10 23:41:43 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 23:41:35 ----D---- C:\WINDOWS\ERDNT
2008-12-10 23:41:35 ----D---- C:\Qoobox
2008-12-10 23:35:10 ----D---- C:\Documents and Settings\SJB\Application Data\WinRAR
2008-12-10 23:04:09 ----D---- C:\WINDOWS\ERUNT
2008-12-10 22:58:46 ----D---- C:\SDFix
2008-12-09 10:31:35 ----D---- C:\Program Files\trend micro
2008-12-09 10:31:33 ----D---- C:\rsit
2008-12-06 13:26:38 ----A---- C:\VundoFix.txt
2008-12-05 23:24:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-05 23:24:27 ----A---- C:\rapport.txt
2008-12-05 09:29:52 ----A---- C:\mbam-log-2008-12-05 (10-29-44).txt
2008-11-27 13:19:34 ----A---- C:\WINDOWS\wininit.ini
2008-11-21 10:50:23 ----A---- C:\PRD Create STD Price 11-21-2008.txt
2008-11-18 17:13:01 ----A---- C:\QAS Create Standard Price.txt
2008-11-17 16:47:48 ----D---- C:\Documents and Settings\SJB\Application Data\Malwarebytes
2008-11-17 16:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 16:47:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 11:08:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-16 10:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 10:58:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-16 10:58:24 ----D---- C:\Documents and Settings\SJB\Application Data\SUPERAntiSpyware.com
2008-11-14 10:03:34 ----A---- C:\Standard Price QAS.txt

======List of files/folders modified in the last 1 months======

2008-12-12 10:51:23 ----D---- C:\WINDOWS\system32
2008-12-12 10:51:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 10:51:08 ----D---- C:\WINDOWS\system32\drivers
2008-12-12 10:51:06 ----D---- C:\WINDOWS
2008-12-12 10:49:06 ----D---- C:\quarantine
2008-12-12 10:47:48 ----D---- C:\WINDOWS\Prefetch
2008-12-12 10:47:09 ----A---- C:\WINDOWS\system.ini
2008-12-12 10:46:43 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-12 10:45:15 ----D---- C:\WINDOWS\system32\config
2008-12-12 10:43:14 ----D---- C:\WINDOWS\AppPatch
2008-12-12 10:43:14 ----D---- C:\Program Files\Common Files
2008-12-12 10:42:12 ----RD---- C:\Program Files
2008-12-12 10:27:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 09:48:13 ----D---- C:\Documents and Settings\SJB\Application Data\HPAppData
2008-12-12 09:40:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 20:22:27 ----SHD---- C:\WINDOWS\CSC
2008-12-11 19:59:28 ----D---- C:\WINDOWS\system32\wex4962
2008-12-11 19:59:27 ----D---- C:\Program Files\QuickTime
2008-12-11 19:59:27 ----D---- C:\Program Files\NetDrive
2008-12-11 19:59:27 ----D---- C:\Program Files\Messenger
2008-12-11 19:59:24 ----D---- C:\Program Files\Apoint
2008-12-10 23:43:56 ----RASH---- C:\boot.ini
2008-12-10 23:36:03 ----D---- C:\Program Files\Lx_cats
2008-12-10 23:32:50 ----HD---- C:\WINDOWS\inf
2008-12-10 18:09:14 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-09 17:53:11 ----A---- C:\WINDOWS\Saplogon.ini
2008-12-08 22:43:24 ----A---- C:\WINDOWS\system32\EMCliSrv.bak
2008-12-08 15:20:19 ----SHD---- C:\WINDOWS\Installer
2008-12-08 15:20:18 ----HD---- C:\Config.Msi
2008-12-07 14:50:20 ----D---- C:\Program Files\CamGrab-2Plus
2008-12-05 23:24:51 ----D---- C:\Program Files\Google
2008-12-05 23:08:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 19:59:23 ----AC---- C:\WINDOWS\sapgrph.ini
2008-12-01 11:33:17 ----D---- C:\Sarosh_general
2008-11-29 18:18:21 ----D---- C:\Sarosh_visiting visa
2008-11-25 19:37:07 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-23 00:49:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-23 00:49:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 00:49:09 ----D---- C:\Program Files\Adobe
2008-11-17 16:54:25 ----D---- C:\Documents and Settings
2008-11-17 12:04:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 08:56:09 ----D---- C:\Sarosh_misc
2008-11-17 08:45:53 ----D---- C:\Temp
2008-11-15 17:09:30 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 16:53:07 ----A---- C:\WINDOWS\Setup Wizard.INI
2008-11-13 00:25:00 ----A---- C:\Standard Price_old.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 pppop;PPPoP WAN Adapter; C:\WINDOWS\system32\DRIVERS\pppop.sys [2007-06-06 30208]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2007-04-25 19640]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-03-20 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem; C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys [2004-07-05 14336]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-06 20096]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-08-07 100480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392]
R2 EMCliSrv;EMCliSrv; C:\WINDOWS\system32\wex4962\EMCliSrv.exe [2006-06-06 245760]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon; C:\WINDOWS\system32\FortiSslvpnDaemon.exe [2007-06-06 501280]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2006-06-08 29184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2007-09-27 53248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2007-04-25 276152]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 HostCopy;Hosts Copy; c:\windows\system32\HostCopyXPsrv.exe [2006-06-06 120845]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

*-------------------------END hijackThis Log---------------------------------------

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 12 December 2008 - 11:41 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\cdm.dll.wusetup.*.new
    c:\windows\system32\ź;ź;
    C:\sqmnoopt02.sqm
    C:\sqmnoopt02.sqm
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it and attach it in this thread.


Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. Attach GMER log
3. A fresh RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
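
One way to preview what the :files section of a script like the one above will actually sweep up, as an added Python example (not a BleepingComputer, RSIT or OTMoveIt3 tool; the sample RSIT lines and the script are constructed here from the listings on this page, and using fnmatch-style wildcards is an assumption about OTMoveIt3's matching semantics):

```python
"""Cross-check an OTMoveIt3 :files list against an RSIT "created" listing.

Before handing a cleanup script to a user, it is worth seeing exactly which
recently created files each :files pattern matches, so that a wildcard that
is wider than intended is caught before anything is moved.
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines in RSIT's "files/folders created" format,
# embedded here only so the script runs offline.
RSIT_CREATED = r"""
2008-12-12 10:44:14 ----D---- C:\WINDOWS\temp
2008-12-12 09:40:08 ----A---- C:\WINDOWS\system32\cdm.dll.wusetup.44423875.new
2008-12-10 23:41:43 ----A---- C:\WINDOWS\zip.exe
2008-12-06 13:26:38 ----A---- C:\VundoFix.txt
"""

# Constructed sample: an OTMoveIt3 script in the same shape as the one above.
OTM_SCRIPT = r"""
:processes
explorer.exe

:files
c:\windows\system32\cdm.dll.wusetup.*.new
C:\sqmnoopt02.sqm

:commands
[purity]
[emptytemp]
"""


@dataclass
class RsitEntry:
    timestamp: str  # "YYYY-MM-DD HH:MM:SS" as printed by RSIT
    flags: str      # attribute letters between the dashes, e.g. "A", "D", "RASHD"
    path: str       # full Windows path as printed

    @property
    def is_directory(self) -> bool:
        return "D" in self.flags


# One RSIT listing line: timestamp, dash-padded attribute block, path.
_RSIT_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}([A-Z]*)-{4} (.+)$"
)


def parse_rsit_listing(text: str) -> List[RsitEntry]:
    """Return the entries of an RSIT created/modified listing, skipping junk."""
    entries = []
    for line in text.splitlines():
        m = _RSIT_LINE.match(line.strip())
        if m:
            entries.append(RsitEntry(m.group(1), m.group(2), m.group(3)))
    return entries


def parse_otm_script(text: str) -> Dict[str, List[str]]:
    """Split an OTMoveIt3 script into its ':section' blocks (keys lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _norm(path: str) -> str:
    # Windows paths compare case-insensitively and accept either separator.
    return path.replace("/", "\\").lower()


def match_move_list(rsit_text: str, otm_text: str) -> Dict[str, List[RsitEntry]]:
    """Map each :files pattern to the RSIT entries it matches.

    Assumption: '*' and '?' behave like shell wildcards (fnmatch), and '*'
    may also span directory separators, so a pattern high in the tree can
    match far more than intended. An empty list means the pattern matched
    nothing that was created in the listing window (the file may still exist).
    """
    entries = parse_rsit_listing(rsit_text)
    patterns = parse_otm_script(otm_text).get("files", [])
    hits: Dict[str, List[RsitEntry]] = {}
    for pattern in patterns:
        norm_pat = _norm(pattern)
        hits[pattern] = [e for e in entries
                         if fnmatch.fnmatchcase(_norm(e.path), norm_pat)]
    return hits


if __name__ == "__main__":
    for pattern, matched in match_move_list(RSIT_CREATED, OTM_SCRIPT).items():
        print(f"{pattern}: {len(matched)} match(es)")
        for e in matched:
            kind = "dir " if e.is_directory else "file"
            print(f"    {kind} {e.timestamp} {e.path}")
```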


#12 saroshj

saroshj
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 17 December 2008 - 06:09 PM

Hello fenzodahl512,


My laptop wouldn't start up last week and finally I had to send it back to get it formatted... :thumbsup:

Anyway it came back today and seems to be fine (free of Vundo at last!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! )


Thanks for all your help ...appreciate it...


-Kind Regards

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:20 PM

Posted 18 December 2008 - 12:04 AM

Thank you saroshj, and I'm sorry to hear that you had to format the computer..

I will now close this topic. If you need this topic to be reopened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512





