Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with not sure what ... can't start auto update


  • This topic is locked This topic is locked
9 replies to this topic

#1 ruggo

ruggo

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 26 December 2008 - 01:06 PM

Hi All,

I recently started having issues with my laptop.... pop up windows for "anti virus removal tools" Firefox windows popping up, ect. I then tried to run MS auto update but that is stuck in disable mode. My Symantec AV has a dat file from October so that hasn't been operational in some time. Any help will be appreciated. I pasted the Hijack this log below with some sensitive info modified out.

thanks in advance for any help!

- ruggo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:52 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
c:\program files\verizon wireless\venturi\Configurator\ventcfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bbodio.UTD\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [40c36889] rundll32.exe "C:\WINDOWS\system32\povmtyqb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\12345.678\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://12.23456.com/CACHE/stc/1/binaries/xxxxxx.cab
O16 - DPF: {B996510E-30C9-4083-ADB9-9FD3760D689D} (APC InfraStruXure Manager Client Control) - http://10.10.10.10/ApcIsxInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 123.COM
O17 - HKLM\Software\..\Telephony: DomainName = 123.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EC6718-52AF-495B-960F-9AC9A481176C}: NameServer = xx.xxx.xxx.xx xxxxxxxxx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = 123.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 123.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 123.com
O20 - AppInit_DLLs: urlmog.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7521 bytes

Edited by ruggo, 26 December 2008 - 03:39 PM.


BC AdBot (Login to Remove)

 


#2 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 02 January 2009 - 01:24 PM

bump

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 05 January 2009 - 09:30 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 06 January 2009 - 08:41 PM

fenzodahl512 thank you for your help!!!



Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 8:00:06 PM
mbam-log-2009-01-06 (20-00-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114771
Time elapsed: 47 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 27
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 28

Memory Processes Infected:
C:\Documents and Settings\bbodio.UTD\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efbsxrsh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifgFWOG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urlmog.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkKcARJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\suvmugiq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ggfkej.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87c117b2-6c95-4b45-b19c-a4b71c6d8f4d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{87c117b2-6c95-4b45-b19c-a4b71c6d8f4d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9561053-070c-4044-bd76-02efc33618b4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9561053-070c-4044-bd76-02efc33618b4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkcarj (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87c117b2-6c95-4b45-b19c-a4b71c6d8f4d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9561053-070c-4044-bd76-02efc33618b4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40c36889 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifgfwog -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifgfwog -> Delete on reboot.

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iifgFWOG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\GOWFgfii.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\GOWFgfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ggfkej.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efbsxrsh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hsrxsbfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\povmtyqb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqytmvop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urlmog.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkKcARJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\suvmugiq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\bbodio.UTD\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temp\mxnwsaocer.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temp\wseoacnrmx.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\4TA7ODUB\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\CTKHUROP\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\CTKHUROP\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\KX6N05QV\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\ONQLWZOV\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0A5978E4-90D9-4162-95DD-9234D4C3AF01}\RP250\A0066924.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnMcAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svyhhmso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdEXPi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRLcyY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#5 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 06 January 2009 - 08:42 PM

info.txt logfile of random's system information tool 1.05 2009-01-06 20:17:14

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Cisco ASDM Launcher-->MsiExec.exe /X{B74B63A3-DF69-46EA-BFB8-08912C00CE11}
Cisco Clean Access Agent-->MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Cisco SSL VPN Client-->C:\Program Files\Cisco Systems\SSL VPN Client\uninstall.exe
Cisco Systems VPN Client 5.0.02.0090-->MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
Curitel PC Card Software-->C:\Program Files\CURITEL\Curitel PC Card\PTDWUninstall.exe
DameWare NT Utilities-->MsiExec.exe /I{C2B05025-BF5D-492C-AB6A-E7A15C0E276F}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Ethereal 0.10.13-->"C:\Program Files\Ethereal\uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Documents and Settings\bbodio.UTD\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Hummingbird Connectivity Secure Shell 10-->MsiExec.exe /I{67DE738B-029F-4E23-8DC8-710AAF32E20E}
Hummingbird Exceed 10-->MsiExec.exe /I{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{181934AF-3E7B-450D-804F-2B812E018ED1}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mobile Net Switch-->MsiExec.exe /X{9EEE2E92-B0E8-49A5-9B69-7A370F2781F4}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
PCTEL 2304WT V.9x MDC Modem Drivers-->ptuninst.exe
PuTTY version 0.58-->"C:\Program Files\PuTTY\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Sonic CinePlayer DVD Pack-->MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Symantec pcAnywhere-->MsiExec.exe /I{115E8183-866A-11D3-97DF-0000F8D8F2E9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Venturi Client 3.1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9 -vuninstall
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinSCP 3.7.4-->"C:\Program Files\WinSCP3\unins000.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition (outdated)

System event log

Computer Name: OBIWAN
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 28935
Source Name: Service Control Manager
Time Written: 20081230055956.000000-300
Event Type: information
User:

Computer Name: OBIWAN
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 28934
Source Name: Service Control Manager
Time Written: 20081230055455.000000-300
Event Type: information
User:

Computer Name: OBIWAN
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 28933
Source Name: Service Control Manager
Time Written: 20081230054954.000000-300
Event Type: information
User:

Computer Name: OBIWAN
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 28932
Source Name: Service Control Manager
Time Written: 20081230054453.000000-300
Event Type: information
User:

Computer Name: OBIWAN
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 28931
Source Name: Service Control Manager
Time Written: 20081230053952.000000-300
Event Type: information
User:

Application event log

Computer Name: OBIWAN
Event Code: 1
Message:
Function: CAutoProxy ::LoadAutoProxyStrings
Return code: 0xFE1B001C
File: e:\temp\build\workspace\SSLClient\Agent\AutoProxy.cpp
Line: 574
Description: SSL_ERROR_CONN_GET_AUTOPROXY


Record Number: 14815
Source Name: STCAgent
Time Written: 20081226102840.000000-300
Event Type: error
User:

Computer Name: OBIWAN
Event Code: 15
Message: The VPN client found no auto proxy url configured in in Windows

Record Number: 14814
Source Name: STCAgent
Time Written: 20081226102840.000000-300
Event Type: information
User:

Computer Name: OBIWAN
Event Code: 1
Message:
Function: GetRasEntryName
Return code: 0xFE1F0008
File: e:\temp\build\workspace\SSLClient\Agent\BrowserProxyIE.cpp
Line: 979
Description: BROWSERPROXY_ERROR_RASENUMENTRY


Record Number: 14813
Source Name: STCAgent
Time Written: 20081226102840.000000-300
Event Type: error
User:

Computer Name: OBIWAN
Event Code: 1
Message:
Function: RasEnumEntries
Return code: 0
File: e:\temp\build\workspace\SSLClient\Agent\BrowserProxyIE.cpp
Line: 790
Description: unknown


Record Number: 14812
Source Name: STCAgent
Time Written: 20081226102840.000000-300
Event Type: error
User:

Computer Name: OBIWAN
Event Code: 24
Message: Initiating SSL VPN connection. SVC Version 1, 1, 3, 173

Record Number: 14811
Source Name: STCAgent
Time Written: 20081226102837.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Oracle\product\10.1.0\Client_1\bin;C:\Oracle\product\10.1.0\Client_1\jre\1.4.2\bin\client;C:\Oracle\product\10.1.0\Client_1\jre\1.4.2\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;%HummPATH%;C:\Program Files\Symantec\pcAnywhere\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"HummPATH"=C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\;

-----------------EOF-----------------

#6 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 06 January 2009 - 08:47 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by user at 2009-01-06 20:16:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (75%) free of 38 GB
Total RAM: 510 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:10 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
c:\program files\verizon wireless\venturi\Configurator\ventcfg.exe
C:\Documents and Settings\bbodio.UTD\Desktop\RSIT.exe
C:\Documents and Settings\bbodio.UTD\Desktop\bbodio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://ra.uptodate.com/CACHE/stc/1/binaries/stcweb.cab
O16 - DPF: {B996510E-30C9-4083-ADB9-9FD3760D689D} (APC InfraStruXure Manager Client Control) - http://10.1.254.252/ApcIsxInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UTD.COM
O17 - HKLM\Software\..\Telephony: DomainName = UTD.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EC6718-52AF-495B-960F-9AC9A481176C}: NameServer = 66.174.95.44 66.174.92.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UTD.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = utd.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = utd.com
O20 - AppInit_DLLs: ggfkej.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7999 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\nylkbvsx.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-27 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-27 118784]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-08-20 151552]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe [2004-09-28 32881]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico

C:\Documents and Settings\bbodio.UTD\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ggfkej.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-27 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2003-06-20 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\xstart.exe"="C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\xstart.exe:*:Enabled:Xstart for Win32"
"C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe"="C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe:*:Enabled:X Server for Win32"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-06 20:16:58 ----D---- C:\rsit
2009-01-06 19:09:14 ----D---- C:\Documents and Settings\bbodio.UTD\Application Data\Malwarebytes
2009-01-06 19:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 19:08:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 10:22:33 ----A---- C:\WINDOWS\system32\4be0acf7-.txt
2008-12-19 06:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 13:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 13:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 13:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 13:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 13:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-25 07:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-25 07:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-23 20:39:16 ----D---- C:\WINDOWS\Prefetch
2008-11-23 20:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-23 20:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-23 20:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-23 20:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-23 20:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-23 20:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-23 20:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-23 20:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-23 20:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-23 20:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-23 20:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-23 20:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-23 20:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-23 20:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-23 20:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-23 20:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-23 20:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-23 20:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-23 20:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-23 20:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-23 20:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-23 20:27:22 ----D---- C:\WINDOWS\system32\en-us
2008-11-23 20:27:21 ----D---- C:\WINDOWS\system32\scripting
2008-11-23 20:27:19 ----D---- C:\WINDOWS\l2schemas
2008-11-23 20:27:18 ----D---- C:\WINDOWS\system32\en
2008-11-23 20:27:17 ----D---- C:\WINDOWS\system32\bits
2008-11-23 20:22:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-23 20:18:39 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 20:11:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-23 19:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-23 19:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-25 19:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-25 19:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-25 19:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-25 19:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-25 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-25 19:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-25 19:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$

======List of files/folders modified in the last 3 months======

2009-01-06 20:16:56 ----A---- C:\WINDOWS\ModemLog_Curitel PC Card (UDP).txt
2009-01-06 20:15:52 ----D---- C:\WINDOWS\system32
2009-01-06 20:15:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-06 20:13:13 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 20:12:23 ----D---- C:\WINDOWS\Temp
2009-01-06 20:11:58 ----D---- C:\Program Files\Symantec AntiVirus
2009-01-06 20:11:05 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 20:10:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 20:00:01 ----RD---- C:\Program Files
2009-01-05 20:31:09 ----D---- C:\WINDOWS
2009-01-05 19:55:31 ----SHD---- C:\WINDOWS\CSC
2008-12-27 16:24:12 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-27 16:23:36 ----HD---- C:\WINDOWS\inf
2008-12-27 11:31:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-26 12:32:26 ----D---- C:\WINDOWS\security
2008-12-26 10:16:45 ----SD---- C:\WINDOWS\Tasks
2008-12-19 06:34:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 06:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 13:07:49 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-23 20:42:02 ----SHD---- C:\WINDOWS\Installer
2008-11-23 20:42:02 ----HD---- C:\Config.Msi
2008-11-23 20:41:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-23 20:40:22 ----A---- C:\WINDOWS\setuplog.txt
2008-11-23 20:38:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-23 20:38:36 ----D---- C:\WINDOWS\ime
2008-11-23 20:38:36 ----D---- C:\WINDOWS\AppPatch
2008-11-23 20:38:33 ----D---- C:\WINDOWS\system32\wbem
2008-11-23 20:38:29 ----RSD---- C:\WINDOWS\Fonts
2008-11-23 20:33:27 ----D---- C:\Program Files\Messenger
2008-11-23 20:28:19 ----D---- C:\WINDOWS\WinSxS
2008-11-23 20:27:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-23 20:27:49 ----D---- C:\WINDOWS\Help
2008-11-23 20:27:22 ----D---- C:\WINDOWS\system32\usmt
2008-11-23 20:27:21 ----D---- C:\Program Files\Internet Explorer
2008-11-23 20:27:17 ----D---- C:\WINDOWS\PeerNet
2008-11-23 20:27:17 ----D---- C:\Program Files\Movie Maker
2008-11-23 20:22:17 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 20:22:17 ----D---- C:\WINDOWS\system32\npp
2008-11-23 20:22:17 ----D---- C:\WINDOWS\mui
2008-11-23 20:22:14 ----D---- C:\WINDOWS\msagent
2008-11-23 20:22:12 ----D---- C:\WINDOWS\srchasst
2008-11-23 20:22:10 ----D---- C:\Program Files\NetMeeting
2008-11-23 20:22:07 ----D---- C:\WINDOWS\system32\Com
2008-11-23 20:22:03 ----D---- C:\Program Files\Windows Media Player
2008-11-23 20:22:02 ----D---- C:\Program Files\Windows NT
2008-11-23 20:22:02 ----D---- C:\Program Files\Outlook Express
2008-11-23 20:21:56 ----D---- C:\Program Files\Common Files\System
2008-11-23 20:21:21 ----D---- C:\WINDOWS\system32\oobe
2008-11-23 20:21:18 ----D---- C:\WINDOWS\system
2008-11-23 20:16:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-23 20:11:30 ----D---- C:\WINDOWS\ehome
2008-11-17 18:08:18 ----SD---- C:\Documents and Settings\bbodio.UTD\Application Data\Microsoft
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 20:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-09 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-31 143834]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2005-10-31 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-10-31 14037]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2003-06-20 10970]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-27 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-27 98938]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-27 33847]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B; C:\WINDOWS\system32\drivers\wA301b.sys [2003-10-27 33847]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-01-29 140800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-27 93979]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-31 30630]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\navex15.sys []
R3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-06 27392]
R3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-06 41728]
R3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-06 39808]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-09 5888]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CSVirtA;Cisco Systems SSL VPN Adapter; C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-08-22 22136]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-31 25898]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys []
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys []
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys []
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys []
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys []
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-06-11 2477952]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2003-06-20 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2003-06-20 303171]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 STCAgent;Cisco Systems, Inc. STC Agent; C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe [2007-08-22 267320]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 Venturi2;Venturi Client; c:\program files\verizon wireless\venturi\Client\ventc.exe [2005-01-24 1204306]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#7 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 06 January 2009 - 08:49 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 20:31:41
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 82D8ACE0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFA5EA20]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFA5F350]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xEFA5F110]
SSDT 82E187D8 ZwQueryValueKey
SSDT 82D8B318 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFA5F580]

---- Kernel code sections - GMER 1.0.14 ----

? apynqp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 07 January 2009 - 03:17 AM

Please show hidden files and folders

Please manually find and delete these files

C:\WINDOWS\tasks\nylkbvsx.job
C:\WINDOWS\system32\4be0acf7-.txt




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O20 - AppInit_DLLs: ggfkej.dll

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Run RSIT again.. Post me these logs in your next reply..

1. ESET Online Scanner
2. RSIT log.txt
3. Tell me, how is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 ruggo

ruggo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 07 January 2009 - 08:07 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3749 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6e24cedc80371e469aa8f55ed7749d4e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-08 12:57:14
# local_time=2009-01-07 07:57:14 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=360122
# found=1
# scan_time=3834
C:\Documents and Settings\bbodio.UTD\Local Settings\Temporary Internet Files\Content.IE5\O5UB0HMV\apstpldr.dll[1].htm Win32/BHO.NKY trojan (unable to clean - deleted) 00000000000000000000000000000000


---------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by bbodio at 2009-01-07 20:01:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (75%) free of 38 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:20 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
c:\program files\verizon wireless\venturi\Configurator\ventcfg.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bbodio.UTD\Desktop\RSIT.exe
C:\Documents and Settings\bbodio.UTD\Desktop\bbodio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://ra.uptodate.com/CACHE/stc/1/binaries/stcweb.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {B996510E-30C9-4083-ADB9-9FD3760D689D} (APC InfraStruXure Manager Client Control) - http://10.1.254.252/ApcIsxInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UTD.COM
O17 - HKLM\Software\..\Telephony: DomainName = UTD.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EC6718-52AF-495B-960F-9AC9A481176C}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UTD.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = utd.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = utd.com
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8113 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-27 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-27 118784]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-08-20 151552]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe [2004-09-28 32881]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico

C:\Documents and Settings\bbodio.UTD\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-27 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2003-06-20 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\xstart.exe"="C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\xstart.exe:*:Enabled:Xstart for Win32"
"C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe"="C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe:*:Enabled:X Server for Win32"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-07 18:47:40 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-06 20:21:41 ----A---- C:\WINDOWS\gmer.ini
2009-01-06 20:21:38 ----RA---- C:\WINDOWS\gmer.exe
2009-01-06 20:21:38 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-06 20:21:38 ----A---- C:\WINDOWS\gmer.dll
2009-01-06 20:16:58 ----D---- C:\rsit
2009-01-06 19:09:14 ----D---- C:\Documents and Settings\bbodio.UTD\Application Data\Malwarebytes
2009-01-06 19:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 19:08:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 06:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 13:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 13:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 13:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 13:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 13:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-25 07:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-25 07:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-23 20:39:16 ----D---- C:\WINDOWS\Prefetch
2008-11-23 20:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-23 20:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-23 20:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-23 20:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-23 20:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-23 20:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-23 20:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-23 20:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-23 20:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-23 20:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-23 20:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-23 20:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-23 20:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-23 20:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-23 20:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-23 20:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-23 20:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-23 20:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-23 20:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-23 20:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-23 20:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-23 20:27:22 ----D---- C:\WINDOWS\system32\en-us
2008-11-23 20:27:21 ----D---- C:\WINDOWS\system32\scripting
2008-11-23 20:27:19 ----D---- C:\WINDOWS\l2schemas
2008-11-23 20:27:18 ----D---- C:\WINDOWS\system32\en
2008-11-23 20:27:17 ----D---- C:\WINDOWS\system32\bits
2008-11-23 20:22:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-23 20:18:39 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 20:11:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-23 19:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-23 19:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-25 19:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-25 19:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-25 19:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-25 19:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-25 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-25 19:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-25 19:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$

======List of files/folders modified in the last 3 months======

2009-01-07 19:59:34 ----D---- C:\Program Files\Mozilla Firefox
2009-01-07 18:47:40 ----RD---- C:\Program Files
2009-01-07 18:47:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-07 18:47:34 ----D---- C:\WINDOWS\system32
2009-01-07 18:47:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 18:39:10 ----SD---- C:\WINDOWS\Tasks
2009-01-07 18:36:01 ----D---- C:\WINDOWS\Temp
2009-01-07 18:35:59 ----A---- C:\WINDOWS\ModemLog_Curitel PC Card (UDP).txt
2009-01-06 20:21:41 ----D---- C:\WINDOWS
2009-01-06 20:21:38 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 20:15:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-06 20:11:58 ----D---- C:\Program Files\Symantec AntiVirus
2009-01-06 20:10:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 19:55:31 ----SHD---- C:\WINDOWS\CSC
2008-12-27 16:24:12 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-27 16:23:36 ----HD---- C:\WINDOWS\inf
2008-12-26 12:32:26 ----D---- C:\WINDOWS\security
2008-12-19 06:34:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 06:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 13:07:49 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-23 20:42:02 ----SHD---- C:\WINDOWS\Installer
2008-11-23 20:42:02 ----HD---- C:\Config.Msi
2008-11-23 20:41:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-23 20:40:22 ----A---- C:\WINDOWS\setuplog.txt
2008-11-23 20:38:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-23 20:38:36 ----D---- C:\WINDOWS\ime
2008-11-23 20:38:36 ----D---- C:\WINDOWS\AppPatch
2008-11-23 20:38:33 ----D---- C:\WINDOWS\system32\wbem
2008-11-23 20:38:29 ----RSD---- C:\WINDOWS\Fonts
2008-11-23 20:33:27 ----D---- C:\Program Files\Messenger
2008-11-23 20:28:19 ----D---- C:\WINDOWS\WinSxS
2008-11-23 20:27:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-23 20:27:49 ----D---- C:\WINDOWS\Help
2008-11-23 20:27:22 ----D---- C:\WINDOWS\system32\usmt
2008-11-23 20:27:21 ----D---- C:\Program Files\Internet Explorer
2008-11-23 20:27:17 ----D---- C:\WINDOWS\PeerNet
2008-11-23 20:27:17 ----D---- C:\Program Files\Movie Maker
2008-11-23 20:22:17 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 20:22:17 ----D---- C:\WINDOWS\system32\npp
2008-11-23 20:22:17 ----D---- C:\WINDOWS\mui
2008-11-23 20:22:14 ----D---- C:\WINDOWS\msagent
2008-11-23 20:22:12 ----D---- C:\WINDOWS\srchasst
2008-11-23 20:22:10 ----D---- C:\Program Files\NetMeeting
2008-11-23 20:22:07 ----D---- C:\WINDOWS\system32\Com
2008-11-23 20:22:03 ----D---- C:\Program Files\Windows Media Player
2008-11-23 20:22:02 ----D---- C:\Program Files\Windows NT
2008-11-23 20:22:02 ----D---- C:\Program Files\Outlook Express
2008-11-23 20:21:56 ----D---- C:\Program Files\Common Files\System
2008-11-23 20:21:21 ----D---- C:\WINDOWS\system32\oobe
2008-11-23 20:21:18 ----D---- C:\WINDOWS\system
2008-11-23 20:16:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-23 20:11:30 ----D---- C:\WINDOWS\ehome
2008-11-17 18:08:18 ----SD---- C:\Documents and Settings\bbodio.UTD\Application Data\Microsoft
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 20:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-09 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-31 143834]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2005-10-31 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-10-31 14037]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2003-06-20 10970]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-27 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-27 98938]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-27 33847]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B; C:\WINDOWS\system32\drivers\wA301b.sys [2003-10-27 33847]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-01-29 140800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-27 93979]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-31 30630]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\navex15.sys []
R3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-06 27392]
R3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-06 41728]
R3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-06 39808]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-09 5888]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CSVirtA;Cisco Systems SSL VPN Adapter; C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-08-22 22136]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-31 25898]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-06 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys []
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys []
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys []
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys []
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys []
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-06-11 2477952]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2003-06-20 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2003-06-20 303171]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 STCAgent;Cisco Systems, Inc. STC Agent; C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe [2007-08-22 267320]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 Venturi2;Venturi Client; c:\program files\verizon wireless\venturi\Client\ventc.exe [2005-01-24 1204306]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

fenzodahl512 the laptop is a millions time better. that is an amazing job you did..... nicely done....thank you for donating your time and thank you again for you help!!!

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 08 January 2009 - 02:02 AM

Everything looks good to me. Lets do some cleanup...

Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users