Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Virtumonde and ConHook.D


  • This topic is locked This topic is locked
12 replies to this topic

#1 chachu

chachu

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 23 December 2008 - 03:38 PM

Hi everyone. Two days ago, my husband used my computer and went to some less-than-trustworthy sites. I started getting popups, so I ran Spybot S&D, which found a few things and said it repaired them. I ran it again and it still said it was infected with Virtumonde and my popups continued. I downloaded VundoFix which did not find anything. I then downloaded Avira, and I now keep getting notifications from it telling me that ConHook.D.3 and ConHook.D.4 are trying to access two of the .dll files in windows/system32 over and over and over.

Here are the two logs from HijackThis. Please let me know what other info you need, and thank you so much for all your help!

(Edited to add that EMIMS, MDA, and EmdatInscribe are all programs used for my work.)


Logfile of random's system information tool 1.05 (written by random/random)
Run by Ron at 2008-12-23 12:23:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 149 GB (62%) free of 238 GB
Total RAM: 511 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:33 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Ron\Desktop\RSIT.exe
C:\Program Files\trend micro\Ron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04C99158-673D-47D8-8490-051F03CBBBDB} - C:\WINDOWS\system32\pmnljjgg.dll
O2 - BHO: (no name) - {2E29D6CE-1FF5-4783-AF68-17AD2736A92A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccaXpMd.dll
O2 - BHO: (no name) - {7589C5A2-4453-43BD-BB91-65E4B221F50F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rdyanz.dll xnqptf.dll C:\WINDOWS\system32\guard32.dll bzsnnq.dll dbwuvy.dll
O20 - Winlogon Notify: fccaXpMd - C:\WINDOWS\SYSTEM32\fccaXpMd.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7445 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\uqypcenn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04C99158-673D-47D8-8490-051F03CBBBDB}]
C:\WINDOWS\system32\pmnljjgg.dll [2008-12-21 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E29D6CE-1FF5-4783-AF68-17AD2736A92A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7589C5A2-4453-43BD-BB91-65E4B221F50F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 155648]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2006-09-01 1880064]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-12-22 1797880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rdyanz.dll xnqptf.dll C:\WINDOWS\system32\guard32.dll bzsnnq.dll dbwuvy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaXpMd]
C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnljjgg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-23 12:24:37 ----D---- C:\Program Files\trend micro
2008-12-23 12:23:48 ----D---- C:\rsit
2008-12-23 12:03:37 ----SH---- C:\WINDOWS\system32\jveyockk.ini
2008-12-23 12:03:32 ----A---- C:\WINDOWS\system32\kkcoyevj.dll
2008-12-23 12:00:07 ----A---- C:\WINDOWS\system32\dbwuvy.dll
2008-12-23 12:00:06 ----A---- C:\WINDOWS\system32\barjkwhr.dll
2008-12-23 08:31:40 ----SH---- C:\WINDOWS\system32\gfdvvgxd.ini
2008-12-23 08:31:37 ----A---- C:\WINDOWS\system32\dxgvvdfg.dll
2008-12-23 08:22:39 ----A---- C:\WINDOWS\system32\bzsnnq.dll
2008-12-23 08:22:38 ----A---- C:\WINDOWS\system32\jimxanqj.dll
2008-12-22 17:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-12-22 17:45:19 ----A---- C:\WINDOWS\system32\guard32.dll
2008-12-22 17:44:54 ----D---- C:\Program Files\COMODO
2008-12-22 17:12:22 ----ASH---- C:\WINDOWS\system32\ggjjlnmp.ini2
2008-12-22 16:38:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-22 16:13:01 ----D---- C:\VundoFix Backups
2008-12-22 16:13:01 ----A---- C:\VundoFix.txt
2008-12-22 14:06:16 ----A---- C:\WINDOWS\system32\nods32.dll
2008-12-22 10:56:30 ----D---- C:\Program Files\Avira
2008-12-22 10:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-22 08:22:20 ----A---- C:\WINDOWS\system32\xnqptf.dll
2008-12-22 08:22:19 ----A---- C:\WINDOWS\system32\gsimjkry.dll
2008-12-22 08:20:59 ----ASH---- C:\WINDOWS\system32\ggjjlnmp.ini
2008-12-21 23:13:09 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 22:05:15 ----A---- C:\WINDOWS\system32\rdyanz.dll
2008-12-21 22:02:53 ----A---- C:\WINDOWS\system32\3fa9a183-.txt
2008-12-21 22:02:07 ----A---- C:\WINDOWS\system32\pmnljjgg.dll
2008-12-21 21:52:56 ----D---- C:\Program Files\GetModule
2008-12-21 21:52:53 ----A---- C:\WINDOWS\system32\fccaXpMd.dll
2008-12-21 21:52:30 ----A---- C:\WINDOWS\system32\~.exe
2008-12-17 11:13:45 ----SHD---- C:\RECYCLER
2008-12-17 00:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-12-17 00:00:13 ----D---- C:\Documents and Settings\Ron\Application Data\Azureus
2008-12-16 23:59:13 ----D---- C:\Program Files\Vuze
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files\i4j_jres
2008-12-12 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:26:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 11:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 11:08:07 ----D---- C:\WINDOWS\temp
2008-12-06 11:08:05 ----A---- C:\ComboFix.txt
2008-12-06 11:01:17 ----A---- C:\WINDOWS\zip.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\sed.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\grep.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 11:01:09 ----D---- C:\WINDOWS\ERDNT
2008-12-06 11:01:09 ----D---- C:\Qoobox
2008-12-01 08:10:03 ----D---- C:\Documents and Settings\Ron\Application Data\MSNInstaller
2008-11-24 16:30:43 ----D---- C:\Documents and Settings\Ron\Application Data\skypePM
2008-11-24 16:29:43 ----D---- C:\Documents and Settings\Ron\Application Data\Skype
2008-11-24 16:29:26 ----D---- C:\Program Files\Skype
2008-11-24 16:29:25 ----D---- C:\Program Files\Common Files\Skype
2008-11-24 16:29:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of files/folders modified in the last 1 months======

2008-12-23 12:25:24 ----D---- C:\WINDOWS\Prefetch
2008-12-23 12:24:37 ----RD---- C:\Program Files
2008-12-23 12:05:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-23 12:03:45 ----D---- C:\WINDOWS\system32
2008-12-23 11:56:35 ----D---- C:\WINDOWS
2008-12-23 11:55:53 ----A---- C:\WINDOWS\iTouch.ini
2008-12-23 11:55:08 ----D---- C:\WINDOWS\Registration
2008-12-23 11:54:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 11:53:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-23 11:07:29 ----HD---- C:\WINDOWS\inf
2008-12-22 23:10:56 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem.txt
2008-12-22 22:01:39 ----D---- C:\Program Files\Emdat
2008-12-22 18:53:05 ----SHD---- C:\WINDOWS\Installer
2008-12-22 17:45:18 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 17:25:32 ----SHD---- C:\System Volume Information
2008-12-22 17:25:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 15:22:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-22 08:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 21:53:20 ----SD---- C:\WINDOWS\Tasks
2008-12-21 10:59:49 ----A---- C:\WINDOWS\emdat.ini
2008-12-21 03:00:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 19:17:07 ----A---- C:\WINDOWS\win.ini
2008-12-18 17:25:05 ----D---- C:\Program Files\EMIMS
2008-12-18 00:04:19 ----SD---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-12-17 19:52:44 ----D---- C:\sh10
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:09:18 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:03:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 11:05:53 ----A---- C:\WINDOWS\system.ini
2008-12-06 11:04:00 ----D---- C:\WINDOWS\AppPatch
2008-12-05 23:40:26 ----D---- C:\Documents and Settings\Ron\Application Data\Google
2008-12-01 08:10:04 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-12-22 618232]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.05 2008-12-23 12:26:40

======Uninstall list======

-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Express Scribe-->C:\Program Files\NCH Swift Sound\Scribe\uninst.exe
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
openCanvas4.5.15e Plus-->MsiExec.exe /X{EA78A47E-E7DB-4BF1-B5CC-67C8F210EE3C}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RangeBooster G WUA-2340-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{BA180519-5857-4D89-9EAD-A2248B89AEF7}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shorthand 10.00-->"c:\sh10\unins000.exe"
Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall

System event log

Computer Name: GRACELAND
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 4601
Source Name: EventLog
Time Written: 20080909165226.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 7036
Message: The Themes service entered the stopped state.

Record Number: 4600
Source Name: Service Control Manager
Time Written: 20080909165225.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the stopped state.

Record Number: 4599
Source Name: Service Control Manager
Time Written: 20080909165225.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 7036
Message: The Background Intelligent Transfer Service service entered the stopped state.

Record Number: 4598
Source Name: Service Control Manager
Time Written: 20080909165225.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 4597
Source Name: Service Control Manager
Time Written: 20080909165224.000000-420
Event Type: information
User:

Application event log

Computer Name: GRACELAND
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 792
Source Name: LoadPerf
Time Written: 20081001101615.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 791
Source Name: SecurityCenter
Time Written: 20081001101216.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 0
Message:
Record Number: 790
Source Name: Viewpoint Manager Service
Time Written: 20081001101214.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 0
Message:
Record Number: 789
Source Name: gusvc
Time Written: 20081001101212.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 788
Source Name: Adobe Active File Monitor
Time Written: 20081001101211.000000-420
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Edited by chachu, 23 December 2008 - 03:42 PM.


BC AdBot (Login to Remove)

 


#2 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 26 December 2008 - 11:14 AM

"Welcome to BleepingComputer.com"

I'm Deacon10 or Larry if you prefer and will be working with you to resolve your problems. I am reviewing your log which requires an amount of research, so please be patient.
Just a few notes I tell everybody I work with:
  • Please reply to this thread. Do not start a new topic.
  • If you have any questions or don't understand something please stop and ask before you proceed.
  • Please set aside enough time to complete all the steps in each post and follow these instructions in the order stated.
  • Please don't run any extra "scans or fix" programs not requested by me, it could change the results in the reports I request.
  • If you have circumstances that you are aware of that will delay your response, then please let me know. This is to insure that your topic remains open.
  • Please continue here with me until I tell you your system is free from malware. :thumbsup:
    Just because a symptom disappears does not mean your system is clean.
  • The following fix is specifically designed for this users post and this machine only!
Since the log you submitted is 4 days old, please provide another set of logs using the instructions below.

Please click Start > Run then copy and paste what is bolded below:

"%userprofile%/Desktop/RSIT.exe" /info

Click OK
Once it has finished, two logs will open. Please post the contents of both log.txt will be maximized and info.txt will be minimized)
Deacon10

"Hindsight explains the injury that foresight would have prevented”

#3 chachu

chachu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 26 December 2008 - 02:39 PM

Hi! Thanks so much for all your help. I've been having a heck of a time since my work computer is the one infected. I haven't been able to do any work in the past week! Hopefully we can get this sorted out right quick.

Since I posted the last logs, my computer has been shut off, unplugged and disconnected from the internet. The notifications from Avira seem to be coming even faster, and now I see that I have "ConHook.D.8" in addition to D.3 and D.4. I've gotten 40 notifications just while typing this post!

Here are the logs.

log.txt:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Ron at 2008-12-26 11:33:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 149 GB (62%) free of 238 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:46 AM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Documents and Settings\Ron\Desktop\RSIT.exe
C:\Program Files\trend micro\Ron.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04C99158-673D-47D8-8490-051F03CBBBDB} - (no file)
O2 - BHO: (no name) - {2E29D6CE-1FF5-4783-AF68-17AD2736A92A} - (no file)
O2 - BHO: (no name) - {4F0010AB-4C66-43D7-B058-0F3C91B1EEB9} - C:\WINDOWS\system32\pmnljjgg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccaXpMd.dll
O2 - BHO: (no name) - {7589C5A2-4453-43BD-BB91-65E4B221F50F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rdyanz.dll xnqptf.dll C:\WINDOWS\system32\guard32.dll bzsnnq.dll dbwuvy.dll
O20 - Winlogon Notify: fccaXpMd - C:\WINDOWS\SYSTEM32\fccaXpMd.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7646 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\uqypcenn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04C99158-673D-47D8-8490-051F03CBBBDB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E29D6CE-1FF5-4783-AF68-17AD2736A92A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F0010AB-4C66-43D7-B058-0F3C91B1EEB9}]
C:\WINDOWS\system32\pmnljjgg.dll [2008-12-21 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7589C5A2-4453-43BD-BB91-65E4B221F50F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 155648]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2006-09-01 1880064]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-12-22 1797880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rdyanz.dll xnqptf.dll C:\WINDOWS\system32\guard32.dll bzsnnq.dll dbwuvy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaXpMd]
C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\fccaXpMd.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnljjgg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-26 11:32:19 ----SH---- C:\WINDOWS\system32\bpuewvbf.ini
2008-12-26 11:32:14 ----A---- C:\WINDOWS\system32\fbvweupb.dll
2008-12-23 12:24:37 ----D---- C:\Program Files\trend micro
2008-12-23 12:23:48 ----D---- C:\rsit
2008-12-23 12:03:37 ----SH---- C:\WINDOWS\system32\jveyockk.ini
2008-12-23 12:03:32 ----A---- C:\WINDOWS\system32\kkcoyevj.dll
2008-12-23 12:00:07 ----A---- C:\WINDOWS\system32\dbwuvy.dll
2008-12-23 12:00:06 ----A---- C:\WINDOWS\system32\barjkwhr.dll
2008-12-23 08:31:40 ----SH---- C:\WINDOWS\system32\gfdvvgxd.ini
2008-12-23 08:31:37 ----A---- C:\WINDOWS\system32\dxgvvdfg.dll
2008-12-23 08:22:39 ----A---- C:\WINDOWS\system32\bzsnnq.dll
2008-12-23 08:22:38 ----A---- C:\WINDOWS\system32\jimxanqj.dll
2008-12-22 17:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-12-22 17:45:19 ----A---- C:\WINDOWS\system32\guard32.dll
2008-12-22 17:44:54 ----D---- C:\Program Files\COMODO
2008-12-22 17:12:22 ----ASH---- C:\WINDOWS\system32\ggjjlnmp.ini2
2008-12-22 16:38:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-22 16:13:01 ----D---- C:\VundoFix Backups
2008-12-22 16:13:01 ----A---- C:\VundoFix.txt
2008-12-22 14:06:16 ----A---- C:\WINDOWS\system32\nods32.dll
2008-12-22 10:56:30 ----D---- C:\Program Files\Avira
2008-12-22 10:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-22 08:22:20 ----A---- C:\WINDOWS\system32\xnqptf.dll
2008-12-22 08:22:19 ----A---- C:\WINDOWS\system32\gsimjkry.dll
2008-12-22 08:20:59 ----ASH---- C:\WINDOWS\system32\ggjjlnmp.ini
2008-12-21 23:13:09 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 22:05:15 ----A---- C:\WINDOWS\system32\rdyanz.dll
2008-12-21 22:02:53 ----A---- C:\WINDOWS\system32\3fa9a183-.txt
2008-12-21 22:02:07 ----A---- C:\WINDOWS\system32\pmnljjgg.dll
2008-12-21 21:52:56 ----D---- C:\Program Files\GetModule
2008-12-21 21:52:53 ----A---- C:\WINDOWS\system32\fccaXpMd.dll
2008-12-21 21:52:30 ----A---- C:\WINDOWS\system32\~.exe
2008-12-17 11:13:45 ----SHD---- C:\RECYCLER
2008-12-17 00:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-12-17 00:00:13 ----D---- C:\Documents and Settings\Ron\Application Data\Azureus
2008-12-16 23:59:13 ----D---- C:\Program Files\Vuze
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files\i4j_jres
2008-12-12 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:26:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 11:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 11:08:07 ----D---- C:\WINDOWS\temp
2008-12-06 11:08:05 ----A---- C:\ComboFix.txt
2008-12-06 11:01:17 ----A---- C:\WINDOWS\zip.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\sed.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\grep.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 11:01:09 ----D---- C:\WINDOWS\ERDNT
2008-12-06 11:01:09 ----D---- C:\Qoobox
2008-12-01 08:10:03 ----D---- C:\Documents and Settings\Ron\Application Data\MSNInstaller

======List of files/folders modified in the last 1 months======

2008-12-26 11:33:12 ----D---- C:\WINDOWS
2008-12-26 11:32:44 ----D---- C:\WINDOWS\Prefetch
2008-12-26 11:32:24 ----D---- C:\WINDOWS\system32
2008-12-26 11:32:06 ----A---- C:\WINDOWS\iTouch.ini
2008-12-26 11:31:20 ----D---- C:\WINDOWS\Registration
2008-12-26 11:30:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 14:36:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-23 14:36:25 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem.txt
2008-12-23 13:43:09 ----D---- C:\Program Files\Mozilla Firefox
2008-12-23 12:24:37 ----RD---- C:\Program Files
2008-12-23 11:27:51 ----D---- C:\Documents and Settings\Ron\Application Data\Skype
2008-12-23 11:07:29 ----HD---- C:\WINDOWS\inf
2008-12-22 22:01:39 ----D---- C:\Program Files\Emdat
2008-12-22 18:53:05 ----SHD---- C:\WINDOWS\Installer
2008-12-22 17:45:18 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 17:25:32 ----SHD---- C:\System Volume Information
2008-12-22 17:25:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 15:22:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-22 08:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 21:53:20 ----SD---- C:\WINDOWS\Tasks
2008-12-21 10:59:49 ----A---- C:\WINDOWS\emdat.ini
2008-12-21 03:00:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 19:17:07 ----A---- C:\WINDOWS\win.ini
2008-12-18 17:25:05 ----D---- C:\Program Files\EMIMS
2008-12-18 00:04:19 ----SD---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-12-17 19:52:44 ----D---- C:\sh10
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:09:18 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:03:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 11:05:53 ----A---- C:\WINDOWS\system.ini
2008-12-06 11:04:00 ----D---- C:\WINDOWS\AppPatch
2008-12-05 23:40:26 ----D---- C:\Documents and Settings\Ron\Application Data\Google
2008-12-01 08:10:04 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-12-22 618232]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------




and info.txt



info.txt logfile of random's system information tool 1.05 2008-12-26 11:33:56

======Uninstall list======

-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Express Scribe-->C:\Program Files\NCH Swift Sound\Scribe\uninst.exe
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
openCanvas4.5.15e Plus-->MsiExec.exe /X{EA78A47E-E7DB-4BF1-B5CC-67C8F210EE3C}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RangeBooster G WUA-2340-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{BA180519-5857-4D89-9EAD-A2248B89AEF7}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shorthand 10.00-->"c:\sh10\unins000.exe"
Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)
FW: COMODO Firewall

System event log

Computer Name: GRACELAND
Event Code: 7035
Message: The iPodService service was successfully sent a start control.

Record Number: 4648
Source Name: Service Control Manager
Time Written: 20080910030810.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: GRACELAND
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 4647
Source Name: Service Control Manager
Time Written: 20080910030809.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 4646
Source Name: Service Control Manager
Time Written: 20080910030809.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: GRACELAND
Event Code: 7035
Message: The COM+ System Application service was successfully sent a start control.

Record Number: 4645
Source Name: Service Control Manager
Time Written: 20080910030809.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: GRACELAND
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 4644
Source Name: Service Control Manager
Time Written: 20080910030809.000000-420
Event Type: information
User:

Application event log

Computer Name: GRACELAND
Event Code: 0
Message:
Record Number: 800
Source Name: gusvc
Time Written: 20081006130839.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 799
Source Name: Adobe Active File Monitor
Time Written: 20081006130839.000000-420
Event Type:
User:

Computer Name: GRACELAND
Event Code: 11707
Message: Product: openCanvas4.5.15e Plus -- Installation operation completed successfully.

Record Number: 798
Source Name: MsiInstaller
Time Written: 20081004220039.000000-420
Event Type: information
User: GRACELAND\Ron

Computer Name: GRACELAND
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 797
Source Name: LoadPerf
Time Written: 20081003183311.000000-420
Event Type: information
User:

Computer Name: GRACELAND
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 796
Source Name: LoadPerf
Time Written: 20081003183311.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------









Thanks again!

Edited by chachu, 26 December 2008 - 02:43 PM.


#4 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 28 December 2008 - 01:04 PM

Hello chachu,

:)
Select the download below that's appropriate for your Operating System and save it to your desktop.
Service Pack 2 will work for Service Pack 3:)
Download the latest copy of ComboFix.exe => http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your Desktop.

Do not run any programs yet...

:thumbsup:
  • Next you should disconnect from the internet
  • NextOpen Spybot and under the mode tab click advanced. A window will open up asking you if you want to make this switch, answer Yes. On the left side click on tools> resident and then UNCHECK "Resident TeaTimer" and close Spybot.
    Please Reboot your computer
    After all of the fixes are complete it is very important that you enable the real-time protection again.
  • Disable Comodo
  • Open Comodo and under the summary tab > Network Defense > change the security level to Disable
  • Disable Avira anitvirus
:)
Drag the file that was saved on your desktop and drop it on the ComboFix icon as shown below
Note that the file name might be different on the image shown below
This will install the Recovery Console on your system.
Posted Image

Once the Windows Recovery Console has finished installed, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button.

When finished, it will produce a log for you. Post that log in your next reply.

Notes:
* Do not mouseclick ComboFix's window while it's running. That may cause it to stall
* ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
* Don’t forget to enable your anti-virus before coming back online to post your logs.


:bowdown:
Re-enable:
  • Comodo
  • Spybots "Resident TeaTimer"
  • Avira anitvirus
  • Internet connection
:)
Reboot

Run RSIT

Post back with:
RSIT log.txt
ComboFix.log

Deacon10

"Hindsight explains the injury that foresight would have prevented”

#5 chachu

chachu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 28 December 2008 - 02:23 PM

Oh man, thank you so much! I've done just as you asked with no problems, and now the Avira notifications have gone away, no more popups and my performance is back to normal. You guys are lifesavers. :thumbsup:

Here is the ComboFix log:


ComboFix 08-12-28.01 - Ron 2008-12-28 10:43:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.222 [GMT -8:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ron\Application Data\Google\kjzna1562565.exe
c:\documents and settings\Ron\Application Data\Google\spcffwl.dll
c:\documents and settings\Ron\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\windows\system32\~.exe
c:\windows\system32\barjkwhr.dll
c:\windows\system32\bpuewvbf.ini
c:\windows\system32\bwpesz.dll
c:\windows\system32\bzsnnq.dll
c:\windows\system32\dbwuvy.dll
c:\windows\system32\dkwhukay.dll
c:\windows\system32\dxgvvdfg.dll
c:\windows\system32\fbvweupb.dll
c:\windows\system32\fccaXpMd.dll
c:\windows\system32\gfdvvgxd.ini
c:\windows\system32\ggjjlnmp.ini
c:\windows\system32\ggjjlnmp.ini2
c:\windows\system32\gsimjkry.dll
c:\windows\system32\jimxanqj.dll
c:\windows\system32\jveyockk.ini
c:\windows\system32\kkcoyevj.dll
c:\windows\system32\mklagxxg.dll
c:\windows\system32\oxlwyr.dll
c:\windows\system32\pmnljjgg.dll
c:\windows\system32\rdyanz.dll
c:\windows\system32\wpv241229907443.cpx
c:\windows\system32\xnqptf.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-23 12:24 . 2008-12-26 11:33 <DIR> d-------- c:\program files\trend micro
2008-12-23 12:23 . 2008-12-23 12:26 <DIR> d-------- C:\rsit
2008-12-22 17:45 . 2008-12-22 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-22 17:45 . 2008-12-22 17:44 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-22 17:45 . 2008-12-22 17:44 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-22 17:45 . 2008-12-22 17:44 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-22 17:44 . 2008-12-22 17:44 <DIR> d-------- c:\program files\COMODO
2008-12-22 16:13 . 2008-12-22 16:13 <DIR> d-------- C:\VundoFix Backups
2008-12-22 14:06 . 2008-12-22 14:06 46,592 --a------ c:\windows\system32\nods32.dll
2008-12-22 14:06 . 2008-12-22 14:06 1 --a------ c:\windows\system32\za.dat
2008-12-22 10:56 . 2008-12-22 10:56 <DIR> d-------- c:\program files\Avira
2008-12-22 10:56 . 2008-12-22 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-21 23:13 . 2008-12-22 10:45 153 --a------ c:\windows\wininit.ini
2008-12-17 00:00 . 2008-12-20 23:44 <DIR> d-------- c:\documents and settings\Ron\Application Data\Azureus
2008-12-17 00:00 . 2008-12-17 00:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-16 23:59 . 2008-12-16 23:59 <DIR> d-------- c:\program files\Vuze
2008-12-16 23:59 . 2008-12-16 23:59 <DIR> d-------- c:\program files\Common Files\i4j_jres
2008-12-06 11:26 . 2008-12-06 11:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-06 11:26 . 2008-12-06 12:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 08:10 . 2008-12-01 08:10 <DIR> d-------- c:\documents and settings\Ron\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-23 19:27 --------- d-----w c:\documents and settings\Ron\Application Data\Skype
2008-12-23 06:01 --------- d-----w c:\program files\Emdat
2008-12-19 01:25 --------- d-----w c:\program files\EMIMS
2008-11-25 00:30 --------- d-----w c:\documents and settings\Ron\Application Data\skypePM
2008-11-25 00:29 --------- d-----w c:\program files\Skype
2008-11-25 00:29 --------- d-----w c:\program files\Common Files\Skype
2008-11-25 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-19 19:20 --------- d-----w c:\program files\AIM6
2008-11-19 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-19 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-11 07:25 --------- d-----w c:\program files\GemMaster
2008-11-11 07:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-11 07:20 --------- d-----w c:\program files\Common Files\Motive
2008-11-11 06:52 --------- d-----w c:\program files\Quicken
2008-10-23 02:55 22,896 ----a-w c:\documents and settings\Ron\Application Data\GDIPFONTCACHEV1.DAT
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2008-09-25 06:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_11.06.08.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2005-08-04 01:29:52 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-11 10:47:52 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2005-08-04 01:29:52 988,672 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-11 10:58:16 988,672 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 04:14:51 2,330,624 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-11 10:58:24 2,330,624 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-09 20:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-22 01:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 18:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-23 01:44:51 79,504 ----a-w c:\windows\system32\drivers\inspect.sys
+ 2007-03-01 17:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2005-08-04 01:29:52 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-11 10:47:52 96,768 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2008-12-06 07:44:29 63,280 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-22 16:25:44 63,280 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-06 07:44:29 405,828 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-22 16:25:44 405,828 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2005-08-04 01:29:52 988,672 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-11 10:58:16 988,672 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 04:14:51 2,330,624 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-11 10:58:24 2,330,624 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 155648]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2006-09-01 1880064]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-22 1797880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-08 24652]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\windows\Tasks\uqypcenn.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{04C99158-673D-47D8-8490-051F03CBBBDB} - (no file)
BHO-{20dfeba6-9283-43e9-870a-8b899fb13611} - c:\windows\system32\oxlwyr.dll
BHO-{2E29D6CE-1FF5-4783-AF68-17AD2736A92A} - (no file)
BHO-{4F0010AB-4C66-43D7-B058-0F3C91B1EEB9} - (no file)
BHO-{5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4} - (no file)
BHO-{7589C5A2-4453-43BD-BB91-65E4B221F50F} - (no file)
BHO-{8EA3C509-0A97-4B7E-9C11-3D45A7A7E7A3} - c:\windows\system32\pmnljjgg.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: *.emdat.com
Trusted Zone: *.mytranscriptions.com
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\w37ntqv1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 11:10:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-28 11:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 19:12:29
ComboFix2.txt 2008-12-06 19:08:05

Pre-Run: 155,932,110,848 bytes free
Post-Run: 155,918,069,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

380 --- E O F --- 2008-12-21 11:00:58




And here is the RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ron at 2008-12-28 11:19:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 149 GB (62%) free of 238 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:26 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ron\Desktop\RSIT.exe
C:\Program Files\trend micro\Ron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04C99158-673D-47D8-8490-051F03CBBBDB} - (no file)
O2 - BHO: (no name) - {2E29D6CE-1FF5-4783-AF68-17AD2736A92A} - (no file)
O2 - BHO: (no name) - {4F0010AB-4C66-43D7-B058-0F3C91B1EEB9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4} - (no file)
O2 - BHO: (no name) - {6873E645-C199-41AD-BF1F-400084198DF0} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {7589C5A2-4453-43BD-BB91-65E4B221F50F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccaXpMd - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7250 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\uqypcenn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04C99158-673D-47D8-8490-051F03CBBBDB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E29D6CE-1FF5-4783-AF68-17AD2736A92A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F0010AB-4C66-43D7-B058-0F3C91B1EEB9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6873E645-C199-41AD-BF1F-400084198DF0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7589C5A2-4453-43BD-BB91-65E4B221F50F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 155648]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2006-09-01 1880064]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-12-22 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaXpMd]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-28 11:13:54 ----D---- C:\WINDOWS\temp
2008-12-28 11:13:52 ----A---- C:\ComboFix.txt
2008-12-28 10:41:14 ----A---- C:\Boot.bak
2008-12-28 10:41:04 ----RASHD---- C:\cmdcons
2008-12-23 12:24:37 ----D---- C:\Program Files\trend micro
2008-12-23 12:23:48 ----D---- C:\rsit
2008-12-22 17:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-12-22 17:45:19 ----A---- C:\WINDOWS\system32\guard32.dll
2008-12-22 17:44:54 ----D---- C:\Program Files\COMODO
2008-12-22 16:38:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-22 16:13:01 ----D---- C:\VundoFix Backups
2008-12-22 16:13:01 ----A---- C:\VundoFix.txt
2008-12-22 14:06:16 ----A---- C:\WINDOWS\system32\nods32.dll
2008-12-22 10:56:30 ----D---- C:\Program Files\Avira
2008-12-22 10:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-21 23:13:09 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 22:02:53 ----A---- C:\WINDOWS\system32\3fa9a183-.txt
2008-12-17 00:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-12-17 00:00:13 ----D---- C:\Documents and Settings\Ron\Application Data\Azureus
2008-12-16 23:59:13 ----D---- C:\Program Files\Vuze
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files\i4j_jres
2008-12-12 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:26:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 11:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 11:01:17 ----A---- C:\WINDOWS\zip.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\sed.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\grep.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 11:01:09 ----D---- C:\WINDOWS\ERDNT
2008-12-06 11:01:09 ----D---- C:\Qoobox
2008-12-01 08:10:03 ----D---- C:\Documents and Settings\Ron\Application Data\MSNInstaller

======List of files/folders modified in the last 1 months======

2008-12-28 11:18:31 ----D---- C:\WINDOWS
2008-12-28 11:18:25 ----A---- C:\WINDOWS\iTouch.ini
2008-12-28 11:17:06 ----D---- C:\WINDOWS\Registration
2008-12-28 11:16:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 11:16:05 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-28 11:13:57 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 11:13:57 ----D---- C:\WINDOWS\system32
2008-12-28 11:10:22 ----D---- C:\WINDOWS\Prefetch
2008-12-28 11:10:20 ----A---- C:\WINDOWS\system.ini
2008-12-28 11:01:00 ----D---- C:\WINDOWS\system32\config
2008-12-28 10:46:03 ----D---- C:\WINDOWS\AppPatch
2008-12-28 10:46:03 ----D---- C:\Program Files\Common Files
2008-12-28 10:45:30 ----D---- C:\Documents and Settings\Ron\Application Data\Google
2008-12-28 10:44:17 ----RD---- C:\Program Files
2008-12-28 10:41:15 ----RASH---- C:\boot.ini
2008-12-28 10:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-28 10:24:09 ----D---- C:\Program Files\Mozilla Firefox
2008-12-23 14:36:25 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem.txt
2008-12-23 11:27:51 ----D---- C:\Documents and Settings\Ron\Application Data\Skype
2008-12-23 11:07:29 ----HD---- C:\WINDOWS\inf
2008-12-22 22:01:39 ----D---- C:\Program Files\Emdat
2008-12-22 18:53:05 ----SHD---- C:\WINDOWS\Installer
2008-12-22 17:25:32 ----SHD---- C:\System Volume Information
2008-12-22 17:25:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 08:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 21:53:20 ----SD---- C:\WINDOWS\Tasks
2008-12-21 10:59:49 ----A---- C:\WINDOWS\emdat.ini
2008-12-21 03:00:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 19:17:07 ----A---- C:\WINDOWS\win.ini
2008-12-18 17:25:05 ----D---- C:\Program Files\EMIMS
2008-12-18 00:04:19 ----SD---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-12-17 19:52:44 ----D---- C:\sh10
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:09:18 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:03:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-01 08:10:04 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-12-22 618232]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------


Again, thank you! I can't believe it.

#6 chachu

chachu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 28 December 2008 - 07:24 PM

I guess ConHook wasn't totally deleted as I did get (only one) Avira notification about it trying to access a file in C:\System Volume Information, I think. Hopefully my logs will tell you more. :thumbsup: My PC's performance is infinitely better, and I haven't gotten any popups at all and only the one notification from Avira (versus the 200+ per hour that I got before).

#7 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 28 December 2008 - 07:37 PM

Hello,
I'm glad things are looking better. The error you are getting is expected and will be dealt with in a future post.
Deacon10

"Hindsight explains the injury that foresight would have prevented”

#8 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 29 December 2008 - 02:15 PM

Hi, I'm glad things are looking up. We have a bit of clean-up to do now.
And you are very welcome!

:)
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus Vuze

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. This practice may be the source of your current malware infestation.

To Remove:

Go to Start -> Control Panel -> Add/Remove Programs -> uninstall Azureus Vuze or any variation.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

:)
  • Next you should disconnect from the internet
  • NextOpen Spybot and under the mode tab click advanced. A window will open up asking you if you want to make this switch, answer Yes. On the left side click on tools> resident and then UNCHECK "Resident TeaTimer" and close Spybot.
    Please Reboot your computer
    After all of the fixes are complete it is very important that you enable the real-time protection again.
  • Disable Comodo
  • Open Comodo and under the summary tab > Network Defense > change the security level to Disable
  • Disable Avira anitvirus
:thumbsup:
Open Notepad (not WordPad). Highlight the text in the Code box below and copy and paste it to NotePad. Be sure to copy the entire contents of the code box and nothing more. Save the file to your desktop as CFScript.txt. To do this, in Notepad, click File–>Save As. In the pop up box, be sure that “Text Document (*.txt)” is selected in the “Save as type:” option.

File::
C:\WINDOWS\tasks\uqypcenn.job

Folder::
C:\Program Files\Vuze

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04C99158-673D-47D8-8490-051F03CBBBDB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E29D6CE-1FF5-4783-AF68-17AD2736A92A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F0010AB-4C66-43D7-B058-0F3C91B1EEB9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5890477F-0E06-4C6C-9AA2-5DAF97AAF9A4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6873E645-C199-41AD-BF1F-400084198DF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7589C5A2-4453-43BD-BB91-65E4B221F50F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaXpMd]


Save this as CFScript.txt
Drag CFScript.txt onto ComboFix.exe
See how this is done:

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

This will cause ComboFix to produce another log
Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.
Post back with the new ComboFix.txt log and a new RSIT LOG
Deacon10

"Hindsight explains the injury that foresight would have prevented”

#9 chachu

chachu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 29 December 2008 - 06:13 PM

Here is the CF log:

ComboFix 08-12-28.01 - Ron 2008-12-29 15:21:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.253 [GMT -8:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\tasks\uqypcenn.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32
c:\windows\tasks\uqypcenn.job

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-23 12:24 . 2008-12-28 11:19 <DIR> d-------- c:\program files\trend micro
2008-12-23 12:23 . 2008-12-23 12:26 <DIR> d-------- C:\rsit
2008-12-22 17:45 . 2008-12-22 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-22 17:45 . 2008-12-22 17:44 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-22 17:45 . 2008-12-22 17:44 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-22 17:45 . 2008-12-22 17:44 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-22 17:44 . 2008-12-22 17:44 <DIR> d-------- c:\program files\COMODO
2008-12-22 16:13 . 2008-12-22 16:13 <DIR> d-------- C:\VundoFix Backups
2008-12-22 14:06 . 2008-12-22 14:06 1 --a------ c:\windows\system32\za.dat
2008-12-22 10:56 . 2008-12-22 10:56 <DIR> d-------- c:\program files\Avira
2008-12-22 10:56 . 2008-12-22 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-21 23:13 . 2008-12-22 10:45 153 --a------ c:\windows\wininit.ini
2008-12-17 00:00 . 2008-12-20 23:44 <DIR> d-------- c:\documents and settings\Ron\Application Data\Azureus
2008-12-17 00:00 . 2008-12-17 00:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-16 23:59 . 2008-12-16 23:59 <DIR> d-------- c:\program files\Common Files\i4j_jres
2008-12-06 11:26 . 2008-12-06 11:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-06 11:26 . 2008-12-06 12:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 08:10 . 2008-12-01 08:10 <DIR> d-------- c:\documents and settings\Ron\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-29 23:11 --------- d-----w c:\program files\Emdat
2008-12-29 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-23 19:27 --------- d-----w c:\documents and settings\Ron\Application Data\Skype
2008-12-19 01:25 --------- d-----w c:\program files\EMIMS
2008-11-25 00:30 --------- d-----w c:\documents and settings\Ron\Application Data\skypePM
2008-11-25 00:29 --------- d-----w c:\program files\Skype
2008-11-25 00:29 --------- d-----w c:\program files\Common Files\Skype
2008-11-25 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-19 19:20 --------- d-----w c:\program files\AIM6
2008-11-19 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-11 07:25 --------- d-----w c:\program files\GemMaster
2008-11-11 07:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-11 07:20 --------- d-----w c:\program files\Common Files\Motive
2008-11-11 06:52 --------- d-----w c:\program files\Quicken
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 02:55 22,896 ----a-w c:\documents and settings\Ron\Application Data\GDIPFONTCACHEV1.DAT
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2008-09-25 06:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 155648]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2006-09-01 1880064]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-22 1797880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-EmdatInstaller - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: *.emdat.com
Trusted Zone: *.mytranscriptions.com
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\w37ntqv1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 15:24:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-12-29 15:27:18
ComboFix-quarantined-files.txt 2008-12-29 23:25:58
ComboFix2.txt 2008-12-28 19:13:52
ComboFix3.txt 2008-12-06 19:08:05

Pre-Run: 155,944,919,040 bytes free
Post-Run: 155,933,495,296 bytes free

152 --- E O F --- 2008-12-21 11:00:58




And here is the RSIT log:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Ron at 2008-12-29 15:27:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 149 GB (62%) free of 238 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:41 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ron\Desktop\RSIT.exe
C:\Program Files\trend micro\Ron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

--
End of file - 6306 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-08 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 155648]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2006-09-01 1880064]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-12-22 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-29 15:27:22 ----D---- C:\WINDOWS\temp
2008-12-29 15:27:20 ----A---- C:\ComboFix.txt
2008-12-28 10:41:14 ----A---- C:\Boot.bak
2008-12-28 10:41:04 ----RASHD---- C:\cmdcons
2008-12-23 12:24:37 ----D---- C:\Program Files\trend micro
2008-12-23 12:23:48 ----D---- C:\rsit
2008-12-22 17:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-12-22 17:45:19 ----A---- C:\WINDOWS\system32\guard32.dll
2008-12-22 17:44:54 ----D---- C:\Program Files\COMODO
2008-12-22 16:38:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-22 16:13:01 ----D---- C:\VundoFix Backups
2008-12-22 16:13:01 ----A---- C:\VundoFix.txt
2008-12-22 10:56:30 ----D---- C:\Program Files\Avira
2008-12-22 10:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-21 23:13:09 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 22:02:53 ----A---- C:\WINDOWS\system32\3fa9a183-.txt
2008-12-17 00:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-12-17 00:00:13 ----D---- C:\Documents and Settings\Ron\Application Data\Azureus
2008-12-16 23:59:13 ----D---- C:\Program Files\Common Files\i4j_jres
2008-12-12 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:26:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 11:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 11:01:17 ----A---- C:\WINDOWS\zip.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\sed.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\grep.exe
2008-12-06 11:01:17 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 11:01:09 ----D---- C:\WINDOWS\ERDNT
2008-12-06 11:01:09 ----D---- C:\Qoobox
2008-12-01 08:10:03 ----D---- C:\Documents and Settings\Ron\Application Data\MSNInstaller

======List of files/folders modified in the last 1 months======

2008-12-29 15:27:41 ----D---- C:\WINDOWS\Prefetch
2008-12-29 15:27:25 ----D---- C:\WINDOWS\system32
2008-12-29 15:27:22 ----D---- C:\WINDOWS
2008-12-29 15:26:19 ----A---- C:\WINDOWS\iTouch.ini
2008-12-29 15:24:34 ----A---- C:\WINDOWS\system.ini
2008-12-29 15:23:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 15:23:02 ----D---- C:\Program Files\Common Files
2008-12-29 15:23:01 ----D---- C:\WINDOWS\AppPatch
2008-12-29 15:21:41 ----SD---- C:\WINDOWS\Tasks
2008-12-29 15:21:41 ----RD---- C:\Program Files
2008-12-29 15:20:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 15:18:01 ----D---- C:\WINDOWS\Registration
2008-12-29 15:16:35 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem.txt
2008-12-29 15:16:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 15:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-29 15:11:52 ----HD---- C:\WINDOWS\inf
2008-12-29 15:11:50 ----D---- C:\Program Files\Emdat
2008-12-29 15:08:32 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 11:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-28 11:01:00 ----D---- C:\WINDOWS\system32\config
2008-12-28 10:45:30 ----D---- C:\Documents and Settings\Ron\Application Data\Google
2008-12-28 10:41:15 ----RASH---- C:\boot.ini
2008-12-23 11:27:51 ----D---- C:\Documents and Settings\Ron\Application Data\Skype
2008-12-22 18:53:05 ----SHD---- C:\WINDOWS\Installer
2008-12-22 17:25:32 ----SHD---- C:\System Volume Information
2008-12-22 17:25:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 08:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 10:59:49 ----A---- C:\WINDOWS\emdat.ini
2008-12-21 03:00:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 19:17:07 ----A---- C:\WINDOWS\win.ini
2008-12-18 17:25:05 ----D---- C:\Program Files\EMIMS
2008-12-18 00:04:19 ----SD---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-12-17 19:52:44 ----D---- C:\sh10
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:09:18 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:03:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-01 08:10:04 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-12-22 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-12-22 31504]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-12-22 618232]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

Edited by chachu, 29 December 2008 - 06:30 PM.


#10 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 30 December 2008 - 01:53 PM

Hi chachu,


Your logs appear clear of any malware. :thumbsup:

Removal of software we installed should be done at this time.

:)
Go to Start > Run > copy and paste next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

I would like you to read the following information which I have placed below as a general read through to help keep your computer free from infection.

Update windows on a regular basis - If you do not have automatic updates enabled then
Visit Microsoft's Update Page and update your computer from there

Let your anti-virus and anti-spyware programs scan your computer frequently and don't forget to update before scanning.

Keep an eye on your firewall. Check what it wants to allow. Do not simply allow everything. If there are any processes that you are unsure of, then don't be afraid to ask for advice.

Consider using an alternative browser.
Other browsers tend to be more secure than Internet Explorer because they do not use ActiveX objects. Some ActiveX objects can infect your computer. Safer, non-ActiveX browsers include Opera and Firefox.

Since some malware can be found in temporary folders, you could run CCleaner on a regular basis to delete the files in the temporary folders on your computer.
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

• Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab: • Clean all except cookies in the Firefox/Mozilla section if you use it.

• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Also, I recommend this article by TonyKlein.
->So How Did I Get Infected In First Place?

If you are still experiencing any problems or wish to ask any further questions then please feel free to post back.

Good luck and happy surfing.

Regards
Deacon10
Deacon10

"Hindsight explains the injury that foresight would have prevented”

#11 chachu

chachu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 30 December 2008 - 02:49 PM

Oh gosh, thank you so much! I can't tell you how amazed I am; I've gotten infected before and just had to give up and reinstall Windows. :thumbsup: You guys do a great job.

Thanks again!

#12 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:07:49 PM

Posted 30 December 2008 - 03:14 PM

You are very welcome! :thumbsup:
Deacon10

"Hindsight explains the injury that foresight would have prevented”

#13 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 01 January 2009 - 12:58 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users