Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Vundo


  • This topic is locked This topic is locked
16 replies to this topic

#1 dschwake

dschwake

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 21 December 2008 - 10:46 PM

Hi,

I started in the "Am I infected? What do I do?" forum & did everything instructed there. My problem started out by the website Pantomi.com opening by itself & redirecting to other random websites. I've run through several antispyware pograms already and was directed to this forum for further help, details at http://www.bleepingcomputer.com/forums/t/187505/pantomicom-opening-by-itself/. The initial problem seems to have been taken care of, but I'd like to rid my computer of everything that could give me any problems.

HJT & Kaspersky logs posted below, thanks for any help you can provide.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Scott at 2008-12-21 21:21:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 212 GB (90%) free of 236 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:57 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\RSIT.exe
C:\Program Files\trend micro\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?hl=en&tab=wm#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://remote.mccainassociates.com/NELX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\jolujara.dll c:\windows\system32\zavuvuhi.dll c:\windows\system32\pebubolo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12110 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-30 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-15 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-04 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-15 2403392]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-11-08 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-29 8491008]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-01-29 86016]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-29 81920]
"Logitech Hardware Abstraction Layer"=C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [2007-01-11 101136]
""= []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1236992]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-12-11 2183168]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-11-08 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-11 101136]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-13 1443072]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2008-01-16 562608]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-20 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-17 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\jolujara.dll c:\windows\system32\zavuvuhi.dll c:\windows\system32\pebubolo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\jolujara.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\WLTRAY.EXE"="C:\WINDOWS\system32\WLTRAY.EXE:*:Enabled:WLTRAY"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6425235e-23a2-11dd-804d-001f3ae47299}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6425235f-23a2-11dd-804d-001f3ae47299}]
shell\AutoRun\command - G:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-12-21 21:21:31 ----D---- C:\rsit
2008-12-21 21:21:31 ----D---- C:\Program Files\trend micro
2008-12-21 20:03:25 ----D---- C:\Program Files\SpywareBlaster
2008-12-20 17:31:37 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-20 17:31:36 ----D---- C:\WINDOWS\LastGood
2008-12-20 11:42:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-19 07:51:21 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-19 07:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-19 07:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-19 07:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-19 07:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-19 07:25:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 07:25:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 07:25:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 07:25:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 07:13:02 ----D---- C:\Program Files\Adobe
2008-12-19 06:58:39 ----D---- C:\Program Files\CCleaner
2008-12-18 18:56:30 ----D---- C:\Documents and Settings\Scott\Application Data\Malwarebytes
2008-12-18 18:27:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 18:27:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 19:53:02 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 19:52:46 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 19:52:46 ----D---- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
2008-12-17 19:51:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2008-12-21 21:21:35 ----D---- C:\WINDOWS\Temp
2008-12-21 21:21:31 ----RD---- C:\Program Files
2008-12-21 21:20:30 ----D---- C:\WINDOWS\Prefetch
2008-12-21 21:14:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 20:03:30 ----D---- C:\WINDOWS\system32
2008-12-21 19:53:40 ----SHD---- C:\WINDOWS\Installer
2008-12-21 19:52:51 ----D---- C:\Program Files\Java
2008-12-20 18:55:33 ----D---- C:\Documents and Settings\Scott\Application Data\Skype
2008-12-20 17:31:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 17:31:38 ----D---- C:\WINDOWS
2008-12-20 17:31:37 ----HD---- C:\WINDOWS\inf
2008-12-20 17:26:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-12-20 17:26:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-12-20 17:26:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 17:26:43 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-20 17:25:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 06:56:04 ----D---- C:\WINDOWS\Debug
2008-12-19 08:03:51 ----D---- C:\WINDOWS\system32\Macromed
2008-12-19 08:03:51 ----D---- C:\Program Files\Internet Explorer
2008-12-19 07:56:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-19 07:55:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 07:48:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-19 07:29:35 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-19 07:13:22 ----D---- C:\Program Files\Common Files\Adobe
2008-12-19 07:13:12 ----D---- C:\WINDOWS\WinSxS
2008-12-19 07:13:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-19 07:02:54 ----D---- C:\WINDOWS\Minidump
2008-12-18 18:54:59 ----D---- C:\WINDOWS\system32\drivers
2008-12-17 19:51:03 ----D---- C:\Program Files\Common Files
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-22 15:29:44 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-11-08 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-11-08 56832]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-11-08 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-11-08 155136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-12-11 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-11-08 45568]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-22 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-22 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-30 876384]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-22 149123]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-30 55352]
R3 btwmodem;Bluetooth Fax Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-22 37280]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-22 67960]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-13 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-29 6852032]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2008-01-16 19376]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-11-08 1222840]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-11 32272]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-11 32528]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-05-17 260968]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-20 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-29 155716]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2008-01-16 296368]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-12-11 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-13 19200]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-15 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-21 21:21:59

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Bentley MicroStation (V 08.05.02.70) - 1-->"C:\Program Files\InstallShield Installation Information\GUID.exe" -uninstall -guid"{D88E167D-7D6A-45CD-9135-7D8156C959F4}_0"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600 User Registration-->C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
Canon MP600-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESET Smart Security-->MsiExec.exe /I{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}
getPlus®-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalSetup-->MsiExec.exe /I{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicWALL SSL-VPN NetExtender-->C:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Strawberry Shortcake-->C:\WINDOWS\unvise32.exe C:\Program Files\Strawberry Shortcake\uninstal.log
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: SCHWAKE
Event Code: 4201
Message: The system detected that network adapter Dell...WLAN Mini-Card - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4730
Source Name: Tcpip
Time Written: 20081109182606.000000-360
Event Type: information
User:

Computer Name: SCHWAKE
Event Code: 4201
Message: The system detected that network adapter Dell...WLAN Mini-Card - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4729
Source Name: Tcpip
Time Written: 20081109164532.000000-360
Event Type: information
User:

Computer Name: SCHWAKE
Event Code: 4202
Message: The system detected that network adapter Dell...WLAN Mini-Card - Packet Scheduler Miniport was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 4728
Source Name: Tcpip
Time Written: 20081109164527.000000-360
Event Type: information
User:

Computer Name: SCHWAKE
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 4727
Source Name: Service Control Manager
Time Written: 20081109103729.000000-360
Event Type: information
User:

Computer Name: SCHWAKE
Event Code: 4201
Message: The system detected that network adapter Dell...WLAN Mini-Card - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 4726
Source Name: Tcpip
Time Written: 20081109103728.000000-360
Event Type: information
User:

Application event log

Computer Name: SCHWAKE
Event Code: 1001
Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 3857
Source Name: MsiInstaller
Time Written: 20080814073553.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SCHWAKE
Event Code: 1004
Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Record Number: 3856
Source Name: MsiInstaller
Time Written: 20080814073553.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SCHWAKE
Event Code: 1001
Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 3855
Source Name: MsiInstaller
Time Written: 20080814073552.000000-300
Event Type: warning
User: SCHWAKE\Missy

Computer Name: SCHWAKE
Event Code: 1004
Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Record Number: 3854
Source Name: MsiInstaller
Time Written: 20080814073552.000000-300
Event Type: warning
User: SCHWAKE\Missy

Computer Name: SCHWAKE
Event Code: 1001
Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 3853
Source Name: MsiInstaller
Time Written: 20080814073552.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 00:11:47
Records in database: 1493520
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 87401
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:19:44

No malware has been detected. The scan area is clean.

The selected area was scanned.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:51 PM

Posted 28 December 2008 - 04:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 28 December 2008 - 11:27 PM

Thanks for you help, logs attached.
------------------------------------------

DDS (Version 1.1.0) - NTFSx86
Run by Scott at 22:18:54.21 on Sun 12/28/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1357 [GMT -6:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mstsc.exe
C:\Documents and Settings\Scott\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#inbox
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6F05C9C6-E1BF-4082-8D20-9F2D732F6478} = 192.168.1.5 192.168.1.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\jolujara.dll c:\windows\system32\zavuvuhi.dll c:\windows\system32\pebubolo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\jolujara.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2008-3-13 472320]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-1-16 19376]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-8-4 31592]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-27 13:13 1,025 a------- c:\windows\system32\clauth2.dll
2008-12-27 13:13 1,025 a------- c:\windows\system32\clauth1.dll
2008-12-27 13:13 701 a------- c:\windows\system32\ssprs.tgz
2008-12-27 13:13 687 a------- c:\windows\system32\ssprs.dll
2008-12-27 12:13 0 a------- c:\windows\epadmin.INI
2008-12-27 12:09 1,025 a------- c:\windows\system32\sysprs7.tgz
2008-12-27 12:09 1,025 a------- c:\windows\system32\sysprs7.dll
2008-12-27 12:09 219 a------- c:\windows\system32\lsprst7.tgz
2008-12-27 12:09 205 a------- c:\windows\system32\lsprst7.dll
2008-12-27 12:09 16 ----h--- c:\windows\system32\servdat.slm
2008-12-27 12:01 344,064 a------- c:\windows\system32\msexch35.dll
2008-12-27 12:01 170,865 a------- c:\windows\system32\Odbcjet.hlp
2008-12-27 12:01 123,664 a------- c:\windows\system32\msjint35.dll
2008-12-27 12:01 6,902 a------- c:\windows\system32\Odbcjet.cnt
2008-12-27 12:01 368,912 a------- c:\windows\system32\VBAR332.DLL
2008-12-27 12:01 44,304 a------- c:\windows\system32\msrpfs35.dll
2008-12-27 12:01 415,504 a------- c:\windows\system32\msrepl35.dll
2008-12-27 12:01 39,424 a------- c:\windows\system32\JETCOMP.exe
2008-12-27 12:01 24,848 a------- c:\windows\system32\msjter35.dll
2008-12-27 12:00 294,912 a------- c:\windows\system32\msxbse35.dll
2008-12-27 12:00 166,672 a------- c:\windows\system32\mstext35.dll
2008-12-27 12:00 262,144 a------- c:\windows\system32\msrd2x35.dll
2008-12-27 12:00 250,128 a------- c:\windows\system32\mspdox35.dll
2008-12-27 12:00 168,720 a------- c:\windows\system32\msltus35.dll
2008-12-27 12:00 1,238,288 a------- c:\windows\system32\msjt4jlt.dll
2008-12-27 12:00 1,050,896 a------- c:\windows\system32\msjet35.dll
2008-12-27 12:00 252,688 a------- c:\windows\system32\msexcl35.dll
2008-12-27 12:00 21,008 -------- c:\windows\system32\CTL3D.DLL
2008-12-27 12:00 200,704 -------- c:\windows\system32\THREED32.OCX
2008-12-27 11:59 25,088 -------- c:\windows\system32\msxml3a.dll
2008-12-27 11:59 49,152 -------- c:\windows\system32\INETWH32.dll
2008-12-27 11:20 <DIR> --d----- c:\program files\Eagle Point Software
2008-12-23 14:25 102,413 a------- c:\windows\system32\ASTULog.cab
2008-12-23 14:25 1,048 a------- c:\windows\system32\setup.inf
2008-12-23 14:25 283 a------- c:\windows\system32\setup.rpt
2008-12-23 14:25 <DIR> --d----- c:\windows\ASTULogTemp
2008-12-21 21:21 <DIR> --d----- c:\program files\trend micro
2008-12-21 20:03 <DIR> --d----- c:\program files\SpywareBlaster
2008-12-20 11:45 <DIR> --d----- c:\documents and settings\scott\DoctorWeb
2008-12-19 07:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 06:58 <DIR> --d----- c:\program files\CCleaner
2008-12-18 18:56 <DIR> --d----- c:\docume~1\scott\applic~1\Malwarebytes
2008-12-18 18:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-18 18:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 18:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-17 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-17 19:52 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-17 19:52 <DIR> --d----- c:\docume~1\scott\applic~1\SUPERAntiSpyware.com
2008-12-17 19:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-11 01:08 <DIR> --d----- c:\documents and settings\scott\windows contacts contact

==================== Find3M ====================

2008-12-28 11:20 83,143 a------- c:\windows\system32\nvModes.dat
2008-12-28 11:20 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-28 11:20 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 14:23 60,744 a------- c:\documents and settings\scott\g2mdlhlpx.exe
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-06-10 20:23 168 a------- c:\docume~1\scott\applic~1\wklnhst.dat
2008-09-15 19:48 0 a--sh--- c:\windows\system32\folehabe.dll
2008-09-15 19:48 0 a--sh--- c:\windows\system32\tibiwedo.dll
2008-09-18 06:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 22:19:15.82 ===============

Attached Files



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 30 December 2008 - 01:57 AM

Hi, dschwake :thumbsup:
  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the fix.reg file and merge it into the Registry.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 31 December 2008 - 03:29 PM

Thanks for your help, logs posted below & attached:
----------------------------------------------------------------
ComboFix 08-12-29.02 - Scott 2008-12-31 13:11:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1298 [GMT -6:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\folehabe.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\tibiwedo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-27 13:13 . 2008-12-27 13:13 1,025 --a------ c:\windows\system32\clauth2.dll
2008-12-27 13:13 . 2008-12-27 13:13 1,025 --a------ c:\windows\system32\clauth1.dll
2008-12-27 13:13 . 2008-12-28 21:38 701 --a------ c:\windows\system32\ssprs.tgz
2008-12-27 12:13 . 2008-12-27 12:13 0 --a------ c:\windows\epadmin.INI
2008-12-27 12:09 . 2008-12-27 12:09 1,025 --a------ c:\windows\system32\sysprs7.tgz
2008-12-27 12:09 . 2008-12-27 12:09 1,025 --a------ c:\windows\system32\sysprs7.dll
2008-12-27 12:09 . 2008-12-28 16:02 219 --a------ c:\windows\system32\lsprst7.tgz
2008-12-27 12:09 . 2008-12-28 16:02 16 ---h----- c:\windows\system32\servdat.slm
2008-12-27 12:01 . 1999-08-25 14:57 415,504 --a------ c:\windows\system32\msrepl35.dll
2008-12-27 12:01 . 1998-05-18 02:06 368,912 --a------ c:\windows\system32\VBAR332.DLL
2008-12-27 12:01 . 1998-06-01 14:37 344,064 --a------ c:\windows\system32\msexch35.dll
2008-12-27 12:01 . 1999-07-02 15:08 170,865 --a------ c:\windows\system32\Odbcjet.hlp
2008-12-27 12:01 . 1999-06-10 09:34 123,664 --a------ c:\windows\system32\msjint35.dll
2008-12-27 12:01 . 1999-04-26 20:08 44,304 --a------ c:\windows\system32\msrpfs35.dll
2008-12-27 12:01 . 1998-05-05 11:36 39,424 --a------ c:\windows\system32\JETCOMP.exe
2008-12-27 12:01 . 1999-06-10 09:34 24,848 --a------ c:\windows\system32\msjter35.dll
2008-12-27 12:01 . 1999-07-02 15:08 6,902 --a------ c:\windows\system32\Odbcjet.cnt
2008-12-27 12:00 . 1999-09-29 20:04 1,238,288 --a------ c:\windows\system32\msjt4jlt.dll
2008-12-27 12:00 . 1999-09-28 21:42 1,050,896 --a------ c:\windows\system32\msjet35.dll
2008-12-27 12:00 . 1998-06-01 14:37 294,912 --a------ c:\windows\system32\msxbse35.dll
2008-12-27 12:00 . 1998-06-01 14:37 262,144 --a------ c:\windows\system32\msrd2x35.dll
2008-12-27 12:00 . 1999-09-09 22:06 252,688 --a------ c:\windows\system32\msexcl35.dll
2008-12-27 12:00 . 1999-06-07 18:59 250,128 --a------ c:\windows\system32\mspdox35.dll
2008-12-27 12:00 . 1998-05-13 17:55 200,704 --------- c:\windows\system32\THREED32.OCX
2008-12-27 12:00 . 1999-09-09 22:06 168,720 --a------ c:\windows\system32\msltus35.dll
2008-12-27 12:00 . 1999-09-30 19:21 166,672 --a------ c:\windows\system32\mstext35.dll
2008-12-27 12:00 . 1993-11-23 14:52 21,008 --------- c:\windows\system32\CTL3D.DLL
2008-12-27 11:59 . 2001-06-13 11:12 49,152 --------- c:\windows\system32\INETWH32.dll
2008-12-27 11:59 . 2000-10-19 18:05 25,088 --------- c:\windows\system32\msxml3a.dll
2008-12-27 11:20 . 2008-12-27 11:20 <DIR> d-------- c:\program files\Eagle Point Software
2008-12-23 14:25 . 2008-12-23 14:25 <DIR> d-------- c:\windows\ASTULogTemp
2008-12-23 14:25 . 2008-12-23 14:25 102,413 --a------ c:\windows\system32\ASTULog.cab
2008-12-23 14:25 . 2008-12-23 14:25 1,048 --a------ c:\windows\system32\setup.inf
2008-12-23 14:25 . 2008-12-23 14:25 283 --a------ c:\windows\system32\setup.rpt
2008-12-21 22:24 . 2008-12-21 22:24 <DIR> d-------- c:\documents and settings\Cate\Application Data\SUPERAntiSpyware.com
2008-12-21 22:03 . 2008-12-21 22:03 <DIR> d-------- c:\documents and settings\Missy\Application Data\SUPERAntiSpyware.com
2008-12-21 21:21 . 2008-12-21 21:21 <DIR> d-------- C:\rsit
2008-12-21 21:21 . 2008-12-21 21:21 <DIR> d-------- c:\program files\trend micro
2008-12-21 20:03 . 2008-12-21 20:04 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-20 17:31 . 2008-12-20 21:38 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-20 11:45 . 2008-12-20 11:45 <DIR> d-------- c:\documents and settings\Scott\DoctorWeb
2008-12-19 07:25 . 2008-12-20 07:10 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-19 06:58 . 2008-12-19 06:58 <DIR> d-------- c:\program files\CCleaner
2008-12-18 18:56 . 2008-12-18 18:56 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes
2008-12-18 18:27 . 2008-12-18 18:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 18:27 . 2008-12-18 18:27 <DIR> d-------- c:\documents and settings\Missy\Application Data\Malwarebytes
2008-12-18 18:27 . 2008-12-18 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 18:27 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 18:27 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 19:53 . 2008-12-17 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 19:52 . 2008-12-17 19:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-17 19:52 . 2008-12-17 19:52 <DIR> d-------- c:\documents and settings\Scott\Application Data\SUPERAntiSpyware.com
2008-12-17 19:51 . 2008-12-17 19:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\Scott\windows contacts contact
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\Missy\windows contacts contact
2008-11-14 14:23 . 2008-11-14 14:23 60,744 --a------ c:\documents and settings\Scott\g2mdlhlpx.exe
2008-11-12 13:10 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 13:09 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:35 . 2008-11-12 11:35 <DIR> d-------- c:\program files\Fkeys
2008-11-08 10:37 . 2008-11-21 19:11 <DIR> d-------- c:\documents and settings\Scott\Application Data\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 19:18 --------- d-----w c:\documents and settings\Scott\Application Data\Skype
2008-12-31 19:15 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-31 19:15 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-31 19:09 --------- d-----w c:\documents and settings\Missy\Application Data\Skype
2008-12-31 14:04 --------- d-----w c:\documents and settings\Missy\Application Data\skypePM
2008-12-30 12:35 --------- d-----w c:\program files\Common Files\Logitech
2008-12-27 17:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 03:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-22 01:52 --------- d-----w c:\program files\Java
2008-12-19 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 13:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 21:38 --------- d-----w c:\documents and settings\Missy\Application Data\Canon
2008-11-15 01:27 --------- d-----w c:\documents and settings\Missy\Application Data\U3
2008-11-14 20:13 60,744 ----a-w c:\documents and settings\Missy\g2mdlhlpx.exe
2008-11-13 12:39 --------- d-----w c:\documents and settings\Scott\Application Data\U3
2008-11-12 22:02 --------- d-----w c:\documents and settings\Scott\Application Data\skypePM
2008-11-04 03:16 --------- d-----w c:\documents and settings\Missy\Application Data\Move Networks
2008-10-28 21:57 --------- d-----w c:\documents and settings\Clare\Application Data\ESET
2008-10-28 21:57 --------- d-----w c:\documents and settings\Clare\Application Data\Dell
2008-06-11 02:23 168 ----a-w c:\documents and settings\Scott\Application Data\wklnhst.dat
2008-06-10 22:01 1,218 ----a-w c:\documents and settings\Missy\Application Data\wklnhst.dat
2008-09-18 12:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-11-08 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 81920]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2008-01-16 562608]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"nwiz"="nwiz.exe" [2008-01-29 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-01-29 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-11-08 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-05-12 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-05-12 679936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2008-03-13 472320]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-01-16 19376]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-04 31592]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6425235e-23a2-11dd-804d-001f3ae47299}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6425235f-23a2-11dd-804d-001f3ae47299}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\Downloaded Program Files\NELaunchX.dll - O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://remote.mccainassociates.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 13:18:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1484)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-31 13:20:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 19:20:08

Pre-Run: 222,177,550,336 bytes free
Post-Run: 223,396,102,144 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

249 --- E O F --- 2008-11-13 09:04:18



DDS (Version 1.1.0) - NTFSx86
Run by Scott at 14:23:42.87 on Wed 12/31/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1380 [GMT -6:00]

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Scott\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2008-3-13 472320]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-1-16 19376]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-8-4 31592]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-31 13:09 <DIR> a-dshr-- C:\cmdcons
2008-12-31 13:08 161,792 a------- c:\windows\SWREG.exe
2008-12-31 13:08 98,816 a------- c:\windows\sed.exe
2008-12-31 13:08 <DIR> --d----- C:\ComboFix
2008-12-27 13:13 1,025 a------- c:\windows\system32\clauth2.dll
2008-12-27 13:13 1,025 a------- c:\windows\system32\clauth1.dll
2008-12-27 13:13 701 a------- c:\windows\system32\ssprs.tgz
2008-12-27 12:13 0 a------- c:\windows\epadmin.INI
2008-12-27 12:09 1,025 a------- c:\windows\system32\sysprs7.tgz
2008-12-27 12:09 1,025 a------- c:\windows\system32\sysprs7.dll
2008-12-27 12:09 219 a------- c:\windows\system32\lsprst7.tgz
2008-12-27 12:09 16 ----h--- c:\windows\system32\servdat.slm
2008-12-27 12:01 344,064 a------- c:\windows\system32\msexch35.dll
2008-12-27 12:01 170,865 a------- c:\windows\system32\Odbcjet.hlp
2008-12-27 12:01 123,664 a------- c:\windows\system32\msjint35.dll
2008-12-27 12:01 6,902 a------- c:\windows\system32\Odbcjet.cnt
2008-12-27 12:01 368,912 a------- c:\windows\system32\VBAR332.DLL
2008-12-27 12:01 44,304 a------- c:\windows\system32\msrpfs35.dll
2008-12-27 12:01 415,504 a------- c:\windows\system32\msrepl35.dll
2008-12-27 12:01 39,424 a------- c:\windows\system32\JETCOMP.exe
2008-12-27 12:01 24,848 a------- c:\windows\system32\msjter35.dll
2008-12-27 12:00 294,912 a------- c:\windows\system32\msxbse35.dll
2008-12-27 12:00 166,672 a------- c:\windows\system32\mstext35.dll
2008-12-27 12:00 262,144 a------- c:\windows\system32\msrd2x35.dll
2008-12-27 12:00 250,128 a------- c:\windows\system32\mspdox35.dll
2008-12-27 12:00 168,720 a------- c:\windows\system32\msltus35.dll
2008-12-27 12:00 1,238,288 a------- c:\windows\system32\msjt4jlt.dll
2008-12-27 12:00 1,050,896 a------- c:\windows\system32\msjet35.dll
2008-12-27 12:00 252,688 a------- c:\windows\system32\msexcl35.dll
2008-12-27 12:00 21,008 -------- c:\windows\system32\CTL3D.DLL
2008-12-27 12:00 200,704 -------- c:\windows\system32\THREED32.OCX
2008-12-27 11:59 25,088 -------- c:\windows\system32\msxml3a.dll
2008-12-27 11:59 49,152 -------- c:\windows\system32\INETWH32.dll
2008-12-27 11:20 <DIR> --d----- c:\program files\Eagle Point Software
2008-12-23 14:25 102,413 a------- c:\windows\system32\ASTULog.cab
2008-12-23 14:25 1,048 a------- c:\windows\system32\setup.inf
2008-12-23 14:25 283 a------- c:\windows\system32\setup.rpt
2008-12-23 14:25 <DIR> --d----- c:\windows\ASTULogTemp
2008-12-21 21:21 <DIR> --d----- c:\program files\trend micro
2008-12-21 20:03 <DIR> --d----- c:\program files\SpywareBlaster
2008-12-20 11:45 <DIR> --d----- c:\documents and settings\scott\DoctorWeb
2008-12-19 07:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 06:58 <DIR> --d----- c:\program files\CCleaner
2008-12-18 18:56 <DIR> --d----- c:\docume~1\scott\applic~1\Malwarebytes
2008-12-18 18:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-18 18:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 18:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-17 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-17 19:52 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-17 19:52 <DIR> --d----- c:\docume~1\scott\applic~1\SUPERAntiSpyware.com
2008-12-17 19:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-11 01:08 <DIR> --d----- c:\documents and settings\scott\windows contacts contact

==================== Find3M ====================

2008-12-31 13:15 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-31 13:15 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-12-28 11:20 83,143 a------- c:\windows\system32\nvModes.dat
2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 14:23 60,744 a------- c:\documents and settings\scott\g2mdlhlpx.exe
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-06-10 20:23 168 a------- c:\docume~1\scott\applic~1\wklnhst.dat
2008-09-18 06:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 14:23:52.50 ===============


HAPPY NEW YEAR!

Attached Files



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 31 December 2008 - 04:42 PM

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u11-windows-i586-p.exe) and select "Run as an Administrator.")

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 31 December 2008 - 09:08 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 20:57:38
Records in database: 1539841
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 66891
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:03:15

No malware has been detected. The scan area is clean.

The selected area was scanned.

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 31 December 2008 - 10:12 PM

Hi, dschwake. :thumbsup:

Congratulations.Posted Image

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Posted Image
Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 01 January 2009 - 10:51 AM

Thank you, and thanks to Bleeping Comuputer for all your help, Happy New Year.

#10 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 02 January 2009 - 12:00 PM

I still get a message about Trojan.BHO when I run MBAM, even after I reboot, is this anything to be concerned about?
----------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1596
Windows 5.1.2600 Service Pack 3

1/2/2009 10:58:18 AM
mbam-log-2009-01-02 (10-58-12).txt

Scan type: Quick Scan
Objects scanned: 70115
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 02 January 2009 - 04:03 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the fix.reg file and merge it into the Registry.
REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}][-HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}]

Re-scan after a restart. Let me know the outcome

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 06 January 2009 - 10:58 PM

I ran it twice, here are the 2 logs:
-----------------------------------------------------
Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 8:49:48 PM
mbam-log-2009-01-06 (20-49-43).txt

Scan type: Quick Scan
Objects scanned: 81348
Time elapsed: 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------
Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 9:55:35 PM
mbam-log-2009-01-06 (21-55-31).txt

Scan type: Quick Scan
Objects scanned: 81281
Time elapsed: 14 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 06 January 2009 - 11:31 PM

Hi, dschwake :thumbsup:

Download the enclosed folder. Save and extract its contents to the desktop. Once extracted open the Regfix folder and click on the batch file with the same name. The MSDOS window will display and the computer will restart.

Re-scan and let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 07 January 2009 - 08:15 AM

I think that took care of it
--------------------------------------
Malwarebytes' Anti-Malware 1.32
Database version: 1627
Windows 5.1.2600 Service Pack 3

1/7/2009 7:13:06 AM
mbam-log-2009-01-07 (07-13-06).txt

Scan type: Quick Scan
Objects scanned: 81712
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:51 PM

Posted 07 January 2009 - 08:31 AM

Nice going! :thumbsup:

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users