Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer full of malware/spyware


  • This topic is locked This topic is locked
30 replies to this topic

#1 Flicktron

Flicktron

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 12 December 2008 - 02:15 PM

Hi everyone,

I was referred by my friend, and hopefully you can all help me. My computer has some malware and spyware on the computer.

I've ran AVG, and Avast Anti-Virus, and it has found a bunch of viruses and spyware and got rid of them. But there's still some sort of spyware on there.

Here is my hijackthis log.

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\SBTech\Application Data\gadcom\gadcom.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\SBTech\Desktop\HJTInstall.exe
C:\Documents and Settings\SBTech\Desktop\HJTInstall.exe
C:\Documents and Settings\SBTech\Desktop\HJTInstall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SBTech\Desktop\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acmesuite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A281FD03-3E8D-46BB-A437-812D82E90465} - C:\WINDOWS\system32\efcYooNd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {49e272ad-33d8-47c8-6774-dfb808e132eb} - {be231e80-8bfd-4776-8c74-8d33da272e94} - C:\WINDOWS\system32\lklwix.dll
O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\vekujusi.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\norobeta.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [18472bf7] rundll32.exe "C:\WINDOWS\system32\bgrjmpsa.dll",b
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\SBTech\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-19\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\norobeta.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\norobeta.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint Mobile Broadband (Novatel Wireless).LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O4 - Global Startup: Sprint PCS Connection Manager 3.0.LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {03E2CC6D-82D5-4044-BE2B-F1E2D73369A7} (Siebel Gantt Chart) - https://echannel.rio.directv.com/echannelcm...Gantt_Chart.cab
O16 - DPF: {1D4BC8B9-E9F8-4F60-B62B-865307C081A2} (Siebel High Interactivity Framework) - https://portal.rio.directv.com/echannelcmes...x_HI_Client.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172503288203
O16 - DPF: {B0AEC02C-7795-4DEA-A420-A2B43B692742} (Siebel High Interactivity Framework) - https://echannel.rio.directv.com/echannelcm...x_HI_Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - https://portal.rio.directv.com/echannelcmes...lets/iTools.cab
O16 - DPF: {F200B967-690E-445A-812D-709115ED188C} (Siebel Gantt Chart) - https://portal.rio.directv.com/echannelcmes...Gantt_Chart.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EBB90A5-18FE-4EAD-A2F3-B56F874C2762}: NameServer = 68.28.50.91 68.28.58.92
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\vabofoka.dll lklwix.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10034 bytes

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 20 December 2008 - 05:17 AM

Hi Flicktron,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since previous post. Or you have run any other tools. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 21 December 2008 - 06:29 PM

Thanks farbar, I really appreciate this.

The only thing I've done for the computer is try to start it up in regular mode, and it failed to load up normally.

The other things I've done are run AVG 8.0 to see if it could pick up anything in safe mode, as well as Intelinet Security System and HiJack This just to get a log.

And the current state of the computer is that I can only do things in Safe Mode, and nothing in regular mode. I got the RSIT to work under safe mode only. Here are the logs, attached and posted.

__________________________________________________________________________

info.txt logfile of random's system information tool 1.05 2008-12-21 15:20:53

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -IVlg103CA.INF
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ICpV30D5a.inf
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912436)-->"C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915326)-->"C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Backup and Recovery Manager Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
hp LaserJet 4250/4350/4240-->C:\Program Files\Hewlett-Packard\hp LaserJet 4250 4350 4240\Installer\hpsetup.exe /x
hp LaserJet 4250/4350/4240-->msiexec /x{E063B3E2-6641-4375-9F09-ADA9E589EB90}
HP Printer Access Tool-->MsiExec.exe /X{D8DBCF67-C44C-4768-8112-9CADBAC390E6}
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0038-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{929AB598-BB08-4875-B8D2-952C151D6E47}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intelinet 3.1.0-->"C:\Program Files\Intelinet\unins000.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_13-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets & Trips 2007 with GPS Locator-->MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio UDF Reader-->C:\WINDOWS\system32\UDFRUNIN.EXE
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_30C4103C\HXFSETUP.EXE -U -IVlg103Cm.inf
Sprint Mobile Broadband (Novatel Wireless)-->MsiExec.exe /X{236C3863-4A50-4121-8B57-CBB85D58C5C3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885464-->C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB888402-->C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->"C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free (outdated)

System event log

Computer Name: HP191MHF
Event Code: 7035
Message: The Terminal Services service was successfully sent a start control.

Record Number: 20803
Source Name: Service Control Manager
Time Written: 20081207220923.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP191MHF
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 20802
Source Name: Service Control Manager
Time Written: 20081207220918.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 20801
Source Name: Service Control Manager
Time Written: 20081207220917.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 20800
Source Name: Service Control Manager
Time Written: 20081207220917.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP191MHF
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 20799
Source Name: Service Control Manager
Time Written: 20081207220917.000000-480
Event Type: information
User:

Application event log

Computer Name: HP191MHF
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 2378
Source Name: LoadPerf
Time Written: 20080205104749.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 2200
Message: Message Queuing Triggers started successfully.

Record Number: 2377
Source Name: MSMQTriggers
Time Written: 20080205104323.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 2028
Message: The Message Queuing service started.

Record Number: 2376
Source Name: MSMQ
Time Written: 20080205104323.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2375
Source Name: SecurityCenter
Time Written: 20080205104322.000000-480
Event Type: information
User:

Computer Name: HP191MHF
Event Code: 105
Message: The service was started.

Record Number: 2374
Source Name: OSCM Utility Service
Time Written: 20080205104321.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------
___________________________________________________________________________________

.....and the log.....

___________________________________________________________________________________

Logfile of random's system information tool 1.05 (written by random/random)
Run by SBTech at 2008-12-21 15:20:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (57%) free of 76 GB
Total RAM: 503 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:51 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\SBTech\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\SBTech.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: (no name) - {31D2D5CF-6D0F-4077-959A-1FA69F2AEA49} - C:\WINDOWS\system32\efcYooNd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {7b0f8b1d-6568-2b68-4e74-073550017bca} - {acb71005-5370-47e4-86b2-8656d1b8f0b7} - C:\WINDOWS\system32\sgmkwz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\zanelupo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [18472bf7] rundll32.exe "C:\WINDOWS\system32\ujvvxcap.dll",b
O4 - HKLM\..\RunOnce: [tdss] C:\WINDOWS\TEMP\371140.exe
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\SBTech\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint Mobile Broadband (Novatel Wireless).LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O4 - Global Startup: Sprint PCS Connection Manager 3.0.LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {03E2CC6D-82D5-4044-BE2B-F1E2D73369A7} (Siebel Gantt Chart) - https://echannel.rio.directv.com/echannelcm...Gantt_Chart.cab
O16 - DPF: {1D4BC8B9-E9F8-4F60-B62B-865307C081A2} (Siebel High Interactivity Framework) - https://portal.rio.directv.com/echannelcmes...x_HI_Client.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172503288203
O16 - DPF: {B0AEC02C-7795-4DEA-A420-A2B43B692742} (Siebel High Interactivity Framework) - https://echannel.rio.directv.com/echannelcm...x_HI_Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - https://portal.rio.directv.com/echannelcmes...lets/iTools.cab
O16 - DPF: {F200B967-690E-445A-812D-709115ED188C} (Siebel Gantt Chart) - https://portal.rio.directv.com/echannelcmes...Gantt_Chart.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\kubiwipi.dll,avgrsstx.dll sgmkwz.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7715 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\sfinnetm.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D2D5CF-6D0F-4077-959A-1FA69F2AEA49}]
C:\WINDOWS\system32\efcYooNd.dll [2008-12-07 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acb71005-5370-47e4-86b2-8656d1b8f0b7}]
C:\WINDOWS\system32\sgmkwz.dll [2008-12-12 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-26 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1b813f2-2f27-4e4d-be85-e26a501a4306}]
C:\WINDOWS\system32\zanelupo.dll [2008-09-11 62659]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-05 2403392]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-07-13 40960]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"payumasabo"=C:\WINDOWS\system32\burolage.dll [2008-09-11 62659]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-11 1261336]
"18472bf7"=C:\WINDOWS\system32\ujvvxcap.dll [2008-12-12 72704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tdss"=C:\WINDOWS\TEMP\371140.exe [2008-12-13 6144]
" "=C:\WINDOWS\System32\cmd.exe [2004-08-04 388608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-11 68856]
"SmileboxTray"=C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe [2008-05-19 201352]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"gadcom"=C:\Documents and Settings\SBTech\Application Data\gadcom\gadcom.exe [2008-12-07 56832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
Sprint Mobile Broadband (Novatel Wireless).LNK - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
Sprint PCS Connection Manager 3.0.LNK - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\kubiwipi.dll,avgrsstx.dll sgmkwz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcYooNd
"notification packages"=scecli
C:\WINDOWS\system32\kubiwipi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lguuugutxdq.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meyqpvflwxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lguuugutxdq.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\meyqpvflwxy.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Disabled:lsass"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2008-12-21 15:18:48 ----D---- C:\rsit
2008-12-17 20:50:08 ----A---- C:\WINDOWS\system32\chg.exe
2008-12-13 05:35:01 ----SH---- C:\WINDOWS\system32\lenosopo.exe
2008-12-12 15:23:24 ----SH---- C:\WINDOWS\system32\pacxvvju.ini
2008-12-12 15:23:22 ----A---- C:\WINDOWS\system32\ujvvxcap.dll
2008-12-12 15:17:43 ----A---- C:\WINDOWS\system32\sgmkwz.dll
2008-12-12 15:17:37 ----A---- C:\WINDOWS\system32\jhifrxtw.dll
2008-12-12 13:45:07 ----SH---- C:\WINDOWS\system32\ftvkyxaa.ini
2008-12-12 13:24:34 ----A---- C:\WINDOWS\system32\eqpzus.dll
2008-12-12 13:24:33 ----A---- C:\WINDOWS\system32\mugkgdyp.dll
2008-12-11 22:56:30 ----HD---- C:\$AVG8.VAULT$
2008-12-11 22:44:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-11 22:44:25 ----D---- C:\Program Files\AVG
2008-12-11 22:44:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-11 12:03:36 ----D---- C:\Program Files\Trend Micro
2008-12-11 11:12:15 ----A---- C:\WINDOWS\system32\lklwix.dll
2008-12-11 11:12:10 ----A---- C:\WINDOWS\system32\lheyrykl.dll
2008-12-11 11:09:13 ----SH---- C:\WINDOWS\system32\aspmjrgb.ini
2008-12-09 22:17:20 ----A---- C:\WINDOWS\WRSetup.dll
2008-12-09 22:17:19 ----D---- C:\Program Files\Webroot
2008-12-09 22:17:19 ----D---- C:\Documents and Settings\SBTech\Application Data\Webroot
2008-12-09 22:17:19 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-12-09 21:26:11 ----D---- C:\Program Files\Alwil Software
2008-12-09 21:00:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-09 20:43:39 ----SH---- C:\WINDOWS\system32\wvbincrw.ini
2008-12-09 20:43:31 ----A---- C:\WINDOWS\system32\nxdnpq.dll
2008-12-09 20:43:30 ----A---- C:\WINDOWS\system32\cqflesfp.dll
2008-12-09 13:17:27 ----D---- C:\Program Files\Intelinet
2008-12-09 00:00:26 ----SHD---- C:\Config.Msi
2008-12-08 21:32:08 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-12-08 21:30:14 ----D---- C:\Program Files\Common Files\iS3
2008-12-08 21:30:13 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-12-08 21:23:22 ----D---- C:\Documents and Settings\SBTech\Application Data\Talkback
2008-12-08 20:33:02 ----D---- C:\Documents and Settings\SBTech\Application Data\Systweak
2008-12-08 20:33:02 ----D---- C:\Documents and Settings\All Users\Application Data\Systweak
2008-12-08 20:24:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 19:50:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 17:09:24 ----SH---- C:\WINDOWS\system32\pgqqqumy.ini
2008-12-08 17:09:21 ----A---- C:\WINDOWS\system32\ymuqqqgp.dll
2008-12-08 17:07:20 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\vmreg.dll
2008-12-08 17:07:17 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\syscert.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\sys.com
2008-12-08 17:07:17 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\reged.exe
2008-12-08 17:06:25 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-08 17:06:20 ----A---- C:\WINDOWS\system32\sqbhyqlw.exe
2008-12-08 17:03:25 ----A---- C:\WINDOWS\system32\nsvsxu.dll
2008-12-08 17:03:21 ----A---- C:\WINDOWS\system32\xumqjqsu.dll
2008-12-08 15:22:08 ----A---- C:\WINDOWS\system32\~.exe
2008-12-08 13:23:10 ----A---- C:\WINDOWS\system32\jxzmlb.dll
2008-12-08 13:23:07 ----A---- C:\WINDOWS\system32\cmtfuash.dll
2008-12-08 13:20:10 ----SH---- C:\WINDOWS\system32\gyitwvjv.ini
2008-12-08 13:20:08 ----N---- C:\WINDOWS\system32\vjvwtiyg.dll
2008-12-07 17:15:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-07 14:13:24 ----SHD---- C:\WINDOWS\IA
2008-12-07 14:03:02 ----D---- C:\WINDOWS\moou
2008-12-07 14:03:02 ----D---- C:\Program Files\Common Files\moou
2008-12-07 13:57:39 ----D---- C:\Documents and Settings\SBTech\Application Data\SpeedRunner
2008-12-07 13:52:36 ----D---- C:\Documents and Settings\SBTech\Application Data\Twain
2008-12-07 13:18:42 ----SH---- C:\WINDOWS\system32\nwikdaxq.ini
2008-12-07 13:18:08 ----A---- C:\WINDOWS\system32\1364ef89-.txt
2008-12-07 13:17:32 ----D---- C:\Program Files\Webtools
2008-12-07 13:17:16 ----ASH---- C:\WINDOWS\system32\dNooYcfe.ini2
2008-12-07 13:17:15 ----ASH---- C:\WINDOWS\system32\dNooYcfe.ini
2008-12-07 13:17:06 ----A---- C:\WINDOWS\system32\efcYooNd.dll
2008-12-07 13:12:32 ----D---- C:\Program Files\Mjcore
2008-12-07 13:12:10 ----D---- C:\Documents and Settings\SBTech\Application Data\gadcom
2008-12-06 10:26:31 ----D---- C:\Documents and Settings\SBTech\Application Data\Snapfish
2008-12-02 18:37:05 ----D---- C:\Program Files\MyPublisher
2008-12-02 18:36:56 ----D---- C:\Documents and Settings\SBTech\Application Data\MyPublisher
2008-10-24 13:34:31 ----D---- C:\Documents and Settings\SBTech\Application Data\Simple Star
2008-10-24 13:31:56 ----D---- C:\Documents and Settings\SBTech\Application Data\Digital Album Organizer
2008-10-24 13:31:46 ----A---- C:\WINDOWS\system32\DVDRProX.dll
2008-10-24 13:30:24 ----D---- C:\Temp

======List of files/folders modified in the last 2 months======

2008-12-21 15:18:50 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 15:17:52 ----D---- C:\Documents and Settings\SBTech\Application Data\U3
2008-12-17 20:56:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 20:51:05 ----D---- C:\WINDOWS\Temp
2008-12-17 20:50:23 ----D---- C:\WINDOWS
2008-12-17 20:50:12 ----D---- C:\WINDOWS\system32
2008-12-17 20:50:01 ----D---- C:\WINDOWS\SMINST
2008-12-16 21:45:55 ----SHD---- C:\WINDOWS\CSC
2008-12-13 16:04:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 16:02:04 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-12-13 10:02:52 ----D---- C:\WINDOWS\Prefetch
2008-12-12 13:50:38 ----D---- C:\Documents and Settings\SBTech\Application Data\Smilebox
2008-12-12 13:44:11 ----RD---- C:\Program Files
2008-12-12 13:25:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 13:25:07 ----HD---- C:\WINDOWS\inf
2008-12-12 12:07:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 22:44:21 ----SHD---- C:\WINDOWS\Installer
2008-12-11 22:44:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 22:44:09 ----D---- C:\WINDOWS\WinSxS
2008-12-11 12:06:38 ----ASH---- C:\WINDOWS\system32\heyotina.dll
2008-12-11 11:57:34 ----D---- C:\WINDOWS\Minidump
2008-12-11 11:10:04 ----D---- C:\Documents and Settings\SBTech\Application Data\Macromedia
2008-12-09 21:27:10 ----D---- C:\WINDOWS\system32\config
2008-12-09 00:00:50 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-08 21:30:14 ----D---- C:\Program Files\Common Files
2008-12-08 20:15:26 ----D---- C:\Documents and Settings\SBTech\Application Data\Mozilla
2008-12-08 17:07:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-07 13:12:01 ----SD---- C:\WINDOWS\Tasks
2008-12-06 22:33:42 ----D---- C:\Documents and Settings\SBTech\Application Data\LimeWire
2008-12-06 10:25:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 18:37:12 ----RSD---- C:\WINDOWS\Fonts
2008-11-22 18:02:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-05 07:26:47 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys [2005-03-08 202496]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-11-07 166400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-11 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-11 26824]
S1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S2 lguuugutxdq.sys;lguuugutxdq.sys; \??\C:\WINDOWS\system32\drivers\lguuugutxdq.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
S2 meyqpvflwxy.sys;meyqpvflwxy.sys; \??\C:\WINDOWS\system32\drivers\meyqpvflwxy.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2006-08-21 38144]
S3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2006-08-21 530176]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-21 163328]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-13 625664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2006-05-17 246912]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-17 1706752]
S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-01 2203520]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2006-11-07 92160]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2006-11-07 92160]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2006-11-07 92160]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\drivers\PCASp50.sys [2006-12-18 18560]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2006-06-20 21312]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2006-06-20 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2006-06-20 39248]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-07-17 2206720]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
S2 OSCM Utility Service;OSCM Utility Service; C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe [2006-12-18 155648]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-05 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IntelinetSecure;IntelinetSecure; C:\Program Files\Intelinet\intelin2.exe [2008-10-16 861464]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   20.17KB   17 downloads
  • Attached File  log.txt   29.58KB   4 downloads


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 22 December 2008 - 04:41 AM

You are welcome Flicktron.

This is a heavily infected computer in a bad shape. To avoid more trouble and a complete reformat I need to know a few things before we start disinfecting it:
  • Is this the only computer you have or there is another computer we might use? or you are downloading the tools in Safe Mode with networking?

  • Do you have a Windows installation CD in case we needed it?


#5 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 22 December 2008 - 01:02 PM

1- Currently I use my parents computer. I download on their computer, and transfer the file from a flash drive onto my laptop. While I'm in Safe Mode with networking, my internet does not work.

2- I unfortunately do not have the Windows Installation CD, although I could get it within a day or two.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 22 December 2008 - 01:09 PM

Do you have to go back and forth or you have both computers at one place. I ask this because I want to download as many tools as possible if you have to go back and fort.

#7 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 22 December 2008 - 03:38 PM

It is one place. I set up my laptop next to their computer while I did this.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 22 December 2008 - 05:15 PM

One of the the infection is spreading and causing boot problems. Many helpers are working for a solution. So this is not your fault the computer is not booting.

Note: The fixes are in Safe Mode. But in case the tools (SDFix or MBAM) needed to reboot to normal mode allow it. Getting to normal boot is our first aim. We wouldn't be able to clean the computer in one post, so please be patient.

Note 2: Do the steps in order they are written. Don't skip any step. If faced with any problem please post back before proceeding and give as much feedback as possible in order to figure out what is going on at the other end.
  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to the desktop of working copmputer.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
    • (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • Copy SDFix folder to you flash drive then put it on C drive of the infected computer.
    • DO NOT use it just yet.
  • Open notepad (start-all programs-accessories-notepad). Copy and paste the text in the code box into the notepad.

    @ECHO OFF
    attrib -h -r -s "C:\WINDOWS\tasks\sfinnetm.job"
    del /q "C:\WINDOWS\tasks\sfinnetm.job"
    del remove.bat
    • Select save in:desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {31D2D5CF-6D0F-4077-959A-1FA69F2AEA49} - C:\WINDOWS\system32\efcYooNd.dll
    O2 - BHO: {7b0f8b1d-6568-2b68-4e74-073550017bca} - {acb71005-5370-47e4-86b2-8656d1b8f0b7} - C:\WINDOWS\system32\sgmkwz.dll
    O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\zanelupo.dll
    O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s
    O4 - HKLM\..\Run: [18472bf7] rundll32.exe "C:\WINDOWS\system32\ujvvxcap.dll",b
    O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\SBTech\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6C,69,00,00
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tdss"=-
    " "=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lguuugutxdq.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meyqpvflwxy.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lguuugutxdq.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\meyqpvflwxy.sys]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order the changes to be taken place.

  • Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Please download Malwarebytes' Anti-Malware to the working computer from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. Then click Finish.
    • If an update is found, it will download and install the latest version. When the application is updated close the application.
    • Copy the following folder to your flash drive: C:\Program Files\Malwarebytes' Anti-Malware.
    • Copy the folder to the following directory of the infected computer: C:\Program Files.
    • It will ask you if you to replace ... say yes to all to replace the Malwarebyts' folder on the infected computer. You can also remove the MBAM folder first then replace it with the updated one.
    • Now you have an updated MBAM on your computer.
    • Open MBAM by double-clicking on its shortcut or Go to C:\Program Files\Malwarebytes' Anti-Malware and run mbam.exe.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
Please copy/paste in your next reply:
  • The SDFix log.
  • The log of MBAM.
  • The RSIT log.
  • Any comment or feedback about how it went.


#9 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 23 December 2008 - 06:43 PM

I got up to Step 5 and when I would use SDFix everything would freeze after a few hours.

Everything else went just fine, up until Step 5.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 23 December 2008 - 07:17 PM

Thanks for the feedback.

SDFix should not take that long. Does it freezes on reboot or before that?

Reboot the computer and enter Safe Mode again then apply the step with RunThis.bat once more. If it freezes again:

Please run RSIT and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

#11 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 23 December 2008 - 10:22 PM

While SDFix is running it freezes up.

It never seems to go anywhere either. How long should it take to run?

#12 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 23 December 2008 - 10:47 PM

It didn't work, so here is the log.

----------------------------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by SBTech at 2008-12-23 19:40:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (57%) free of 76 GB
Total RAM: 503 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:17 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\SBTech\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\SBTech.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\zanelupo.dll (file missing)
O2 - BHO: (no name) - {CB25B9CC-E306-45A2-971D-1E3347E7BBB9} - C:\WINDOWS\system32\efcYooNd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint Mobile Broadband (Novatel Wireless).LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O4 - Global Startup: Sprint PCS Connection Manager 3.0.LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {03E2CC6D-82D5-4044-BE2B-F1E2D73369A7} (Siebel Gantt Chart) - https://echannel.rio.directv.com/echannelcm...Gantt_Chart.cab
O16 - DPF: {1D4BC8B9-E9F8-4F60-B62B-865307C081A2} (Siebel High Interactivity Framework) - https://portal.rio.directv.com/echannelcmes...x_HI_Client.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172503288203
O16 - DPF: {B0AEC02C-7795-4DEA-A420-A2B43B692742} (Siebel High Interactivity Framework) - https://echannel.rio.directv.com/echannelcm...x_HI_Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - https://portal.rio.directv.com/echannelcmes...lets/iTools.cab
O16 - DPF: {F200B967-690E-445A-812D-709115ED188C} (Siebel Gantt Chart) - https://portal.rio.directv.com/echannelcmes...Gantt_Chart.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\kubiwipi.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6809 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-26 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1b813f2-2f27-4e4d-be85-e26a501a4306}]
C:\WINDOWS\system32\zanelupo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB25B9CC-E306-45A2-971D-1E3347E7BBB9}]
C:\WINDOWS\system32\efcYooNd.dll [2008-12-07 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-05 2403392]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-07-13 40960]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-11 1261336]
"payumasabo"=C:\WINDOWS\system32\burolage.dll [2008-09-11 62659]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-11 68856]
"SmileboxTray"=C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe [2008-05-19 201352]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
Sprint Mobile Broadband (Novatel Wireless).LNK - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
Sprint PCS Connection Manager 3.0.LNK - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll,C:\WINDOWS\system32\kubiwipi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcYooNd
"notification packages"=scecli
C:\WINDOWS\system32\kubiwipi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Disabled:lsass"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-22 21:49:19 ----D---- C:\WINDOWS\ERUNT
2008-12-22 21:48:25 ----D---- C:\SDFix
2008-12-22 21:46:35 ----A---- C:\SDFix.exe
2008-12-21 15:18:48 ----D---- C:\rsit
2008-12-13 05:35:01 ----SH---- C:\WINDOWS\system32\lenosopo.exe
2008-12-12 15:23:24 ----SH---- C:\WINDOWS\system32\pacxvvju.ini
2008-12-12 15:23:22 ----A---- C:\WINDOWS\system32\ujvvxcap.dll
2008-12-12 15:17:43 ----A---- C:\WINDOWS\system32\sgmkwz.dll
2008-12-12 15:17:37 ----A---- C:\WINDOWS\system32\jhifrxtw.dll
2008-12-12 13:45:07 ----SH---- C:\WINDOWS\system32\ftvkyxaa.ini
2008-12-12 13:24:34 ----A---- C:\WINDOWS\system32\eqpzus.dll
2008-12-12 13:24:33 ----A---- C:\WINDOWS\system32\mugkgdyp.dll
2008-12-11 22:56:30 ----HD---- C:\$AVG8.VAULT$
2008-12-11 22:44:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-11 22:44:25 ----D---- C:\Program Files\AVG
2008-12-11 22:44:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-11 12:03:36 ----D---- C:\Program Files\Trend Micro
2008-12-11 11:12:15 ----A---- C:\WINDOWS\system32\lklwix.dll
2008-12-11 11:12:10 ----A---- C:\WINDOWS\system32\lheyrykl.dll
2008-12-11 11:09:13 ----SH---- C:\WINDOWS\system32\aspmjrgb.ini
2008-12-09 22:17:20 ----A---- C:\WINDOWS\WRSetup.dll
2008-12-09 22:17:19 ----D---- C:\Program Files\Webroot
2008-12-09 22:17:19 ----D---- C:\Documents and Settings\SBTech\Application Data\Webroot
2008-12-09 22:17:19 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-12-09 21:26:11 ----D---- C:\Program Files\Alwil Software
2008-12-09 21:00:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-09 20:43:39 ----SH---- C:\WINDOWS\system32\wvbincrw.ini
2008-12-09 20:43:31 ----A---- C:\WINDOWS\system32\nxdnpq.dll
2008-12-09 20:43:30 ----A---- C:\WINDOWS\system32\cqflesfp.dll
2008-12-09 13:17:27 ----D---- C:\Program Files\Intelinet
2008-12-09 00:00:26 ----SHD---- C:\Config.Msi
2008-12-08 21:32:08 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-12-08 21:30:14 ----D---- C:\Program Files\Common Files\iS3
2008-12-08 21:30:13 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-12-08 21:23:22 ----D---- C:\Documents and Settings\SBTech\Application Data\Talkback
2008-12-08 20:33:02 ----D---- C:\Documents and Settings\SBTech\Application Data\Systweak
2008-12-08 20:33:02 ----D---- C:\Documents and Settings\All Users\Application Data\Systweak
2008-12-08 20:24:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 19:50:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 17:09:24 ----SH---- C:\WINDOWS\system32\pgqqqumy.ini
2008-12-08 17:09:21 ----A---- C:\WINDOWS\system32\ymuqqqgp.dll
2008-12-08 17:07:20 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\vmreg.dll
2008-12-08 17:07:17 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\syscert.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\sys.com
2008-12-08 17:07:17 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-08 17:07:17 ----A---- C:\WINDOWS\reged.exe
2008-12-08 17:06:25 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-08 17:06:20 ----A---- C:\WINDOWS\system32\sqbhyqlw.exe
2008-12-08 17:03:25 ----A---- C:\WINDOWS\system32\nsvsxu.dll
2008-12-08 17:03:21 ----A---- C:\WINDOWS\system32\xumqjqsu.dll
2008-12-08 15:22:08 ----A---- C:\WINDOWS\system32\~.exe
2008-12-08 13:23:10 ----A---- C:\WINDOWS\system32\jxzmlb.dll
2008-12-08 13:23:07 ----A---- C:\WINDOWS\system32\cmtfuash.dll
2008-12-08 13:20:10 ----SH---- C:\WINDOWS\system32\gyitwvjv.ini
2008-12-08 13:20:08 ----N---- C:\WINDOWS\system32\vjvwtiyg.dll
2008-12-07 17:15:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-07 14:13:24 ----SHD---- C:\WINDOWS\IA
2008-12-07 14:03:02 ----D---- C:\WINDOWS\moou
2008-12-07 14:03:02 ----D---- C:\Program Files\Common Files\moou
2008-12-07 13:57:39 ----D---- C:\Documents and Settings\SBTech\Application Data\SpeedRunner
2008-12-07 13:52:36 ----D---- C:\Documents and Settings\SBTech\Application Data\Twain
2008-12-07 13:18:42 ----SH---- C:\WINDOWS\system32\nwikdaxq.ini
2008-12-07 13:18:08 ----A---- C:\WINDOWS\system32\1364ef89-.txt
2008-12-07 13:17:32 ----D---- C:\Program Files\Webtools
2008-12-07 13:17:16 ----ASH---- C:\WINDOWS\system32\dNooYcfe.ini2
2008-12-07 13:17:15 ----ASH---- C:\WINDOWS\system32\dNooYcfe.ini
2008-12-07 13:17:06 ----A---- C:\WINDOWS\system32\efcYooNd.dll
2008-12-07 13:12:32 ----D---- C:\Program Files\Mjcore
2008-12-07 13:12:10 ----D---- C:\Documents and Settings\SBTech\Application Data\gadcom
2008-12-06 10:26:31 ----D---- C:\Documents and Settings\SBTech\Application Data\Snapfish
2008-12-02 18:37:05 ----D---- C:\Program Files\MyPublisher
2008-12-02 18:36:56 ----D---- C:\Documents and Settings\SBTech\Application Data\MyPublisher

======List of files/folders modified in the last 1 months======

2008-12-23 19:33:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-22 21:49:19 ----D---- C:\WINDOWS
2008-12-22 21:17:42 ----D---- C:\WINDOWS\system32
2008-12-22 21:04:03 ----SD---- C:\WINDOWS\Tasks
2008-12-21 15:18:50 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 15:17:52 ----D---- C:\Documents and Settings\SBTech\Application Data\U3
2008-12-17 20:51:05 ----D---- C:\WINDOWS\Temp
2008-12-17 20:50:01 ----D---- C:\WINDOWS\SMINST
2008-12-16 21:45:55 ----SHD---- C:\WINDOWS\CSC
2008-12-13 16:04:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 16:02:04 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-12-13 10:02:52 ----D---- C:\WINDOWS\Prefetch
2008-12-12 13:50:38 ----D---- C:\Documents and Settings\SBTech\Application Data\Smilebox
2008-12-12 13:44:11 ----RD---- C:\Program Files
2008-12-12 13:25:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 13:25:07 ----HD---- C:\WINDOWS\inf
2008-12-12 12:07:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 22:44:21 ----SHD---- C:\WINDOWS\Installer
2008-12-11 22:44:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 22:44:09 ----D---- C:\WINDOWS\WinSxS
2008-12-11 12:06:38 ----ASH---- C:\WINDOWS\system32\heyotina.dll
2008-12-11 11:57:34 ----D---- C:\WINDOWS\Minidump
2008-12-11 11:10:04 ----D---- C:\Documents and Settings\SBTech\Application Data\Macromedia
2008-12-09 21:27:10 ----D---- C:\WINDOWS\system32\config
2008-12-09 00:00:50 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-08 21:30:14 ----D---- C:\Program Files\Common Files
2008-12-08 20:15:26 ----D---- C:\Documents and Settings\SBTech\Application Data\Mozilla
2008-12-08 17:07:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 22:33:42 ----D---- C:\Documents and Settings\SBTech\Application Data\LimeWire
2008-12-06 10:25:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 18:37:12 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys [2005-03-08 202496]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-11-07 166400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-11 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-11 26824]
S1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S2 lguuugutxdq.sys;lguuugutxdq.sys; \??\C:\WINDOWS\system32\drivers\lguuugutxdq.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
S2 meyqpvflwxy.sys;meyqpvflwxy.sys; \??\C:\WINDOWS\system32\drivers\meyqpvflwxy.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2006-08-21 38144]
S3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2006-08-21 530176]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-21 163328]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-13 625664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2006-05-17 246912]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-17 1706752]
S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-01 2203520]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2006-11-07 92160]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2006-11-07 92160]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2006-11-07 92160]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\drivers\PCASp50.sys [2006-12-18 18560]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2006-06-20 21312]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2006-06-20 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2006-06-20 39248]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-07-17 2206720]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
S2 OSCM Utility Service;OSCM Utility Service; C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe [2006-12-18 155648]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-05 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IntelinetSecure;IntelinetSecure; C:\Program Files\Intelinet\intelin2.exe [2008-10-16 861464]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]

-----------------EOF-----------------

Attached Files

  • Attached File  log.txt   27.25KB   5 downloads


#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 24 December 2008 - 02:37 AM

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\zanelupo.dll (file missing)
    O2 - BHO: (no name) - {CB25B9CC-E306-45A2-971D-1E3347E7BBB9} - C:\WINDOWS\system32\efcYooNd.dll
    O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s
    O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s (User 'NETWORK SERVICE')


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Once more locate regfix.reg from the previous post on the desktop and double-click on it and confirm.

  • Please download Malwarebytes' Anti-Malware to the working computer from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. Then click Finish.
    • If an update is found, it will download and install the latest version. When the application is updated close the application.
    • Copy the following folder to your flash drive: C:\Program Files\Malwarebytes' Anti-Malware.
    • Copy the folder to the following directorey of the infected computer: C:\Program Files.
    • It will ask you if you to replace ... say yes to all to replace the Malwarebyts' folder on the infected computer.
    • Now you have an updated MBAM on your computer.
    • Open MBAM by double-clicking on its shortcut or Go to C:\Program Files\Malwarebytes' Anti-Malware and run mbam.exe.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Download ComboFix from one of these locations to the working computer.

    Link 1
    Link 2
    Link 3
    • Rename it to and rename it to Combo-Fix.exe (rename it before transferring it to the infected computer).
    • Transfer Combo-Fix.exe to the desktop of the infected computer.[/b]
    • Double click on Combo_Fix.exe & follow the prompts, agree to the term of conditions. It asks if you want Combo-Fix to download and install Recovery Console if by the time you run Combo-Fix.exe you are in Noramal Mode click Yes otherwise click NO and let Combo-Fix.exe scan the computer. If needed it reboots later on to remove what it finds.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Note: Don't mouse-click while Combofix is running. You may disable your antivirus and other real-time security programs before running Combofix and enable them later on after finishing.

  • Please copy and paste a fresh Hijackthis log to your reply.


#14 Flicktron

Flicktron
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 24 December 2008 - 06:57 PM

When I try and use MalwareBytes on the infected computer, it will not let me install or use it.


here is a fresh Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:49 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c1b813f2-2f27-4e4d-be85-e26a501a4306} - C:\WINDOWS\system32\zanelupo.dll (file missing)
O2 - BHO: (no name) - {E74CC6F4-03C4-42D7-8C11-82E7AA36D28F} - C:\WINDOWS\system32\efcYooNd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\SBTech\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [payumasabo] Rundll32.exe "C:\WINDOWS\system32\burolage.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint Mobile Broadband (Novatel Wireless).LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O4 - Global Startup: Sprint PCS Connection Manager 3.0.LNK = C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {03E2CC6D-82D5-4044-BE2B-F1E2D73369A7} (Siebel Gantt Chart) - https://echannel.rio.directv.com/echannelcm...Gantt_Chart.cab
O16 - DPF: {1D4BC8B9-E9F8-4F60-B62B-865307C081A2} (Siebel High Interactivity Framework) - https://portal.rio.directv.com/echannelcmes...x_HI_Client.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172503288203
O16 - DPF: {B0AEC02C-7795-4DEA-A420-A2B43B692742} (Siebel High Interactivity Framework) - https://echannel.rio.directv.com/echannelcm...x_HI_Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - https://portal.rio.directv.com/echannelcmes...lets/iTools.cab
O16 - DPF: {F200B967-690E-445A-812D-709115ED188C} (Siebel Gantt Chart) - https://portal.rio.directv.com/echannelcmes...Gantt_Chart.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\kubiwipi.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6762 bytes

Attached Files



#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:39 PM

Posted 24 December 2008 - 07:18 PM

MBAM is already installed on your computer, isn't it?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users