Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop up issues


  • This topic is locked This topic is locked
15 replies to this topic

#1 compissues

compissues

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 27 December 2008 - 01:45 PM

I've been getting all kinds of popups, including one that says I have been infected and then proceeds to open some sort of scanner that says it is trying to find viruses. When I try to close the popups, sometimes all of my IE windows close down too. Would be most grateful for your advice. Please find my DDS files attached.

Thanks in advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 05 January 2009 - 05:59 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 05 January 2009 - 08:43 PM

Thanks so much for your help!

Malwarebytes' Anti-Malware 1.32
Database version: 1621
Windows 5.1.2600 Service Pack 2

1/5/2009 8:31:12 PM
mbam-log-2009-01-05 (20-31-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157444
Time elapsed: 1 hour(s), 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\jelayaro.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83a08a74-d917-4b17-b7c1-7b70a308943b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83a08a74-d917-4b17-b7c1-7b70a308943b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiheyuzadi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7bdfb419 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jelayaro.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jelayaro.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\biserano.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onaresib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ditedapa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apadetid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kahoyubu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubuyohak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\muwodanu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unadowum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tudeyome.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emoyedut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vinizepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upeziniv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jujoveve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jelayaro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\training\Desktop\win32.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Outlook Express\wab.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0052657.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0052682.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0052750.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0052751.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0053751.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP136\A0053754.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gibesegu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juheyuve.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jusonewe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vewigayi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vozudola.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\disogumi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fepemini.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fotomelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kopadodu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ninoleli.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\harupeza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seyurivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zapegaje.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zarajubo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zehawoyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lelujuzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\henuweva.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 05 January 2009 - 08:47 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by training at 2009-01-05 20:43:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 67 GB (87%) free of 76 GB
Total RAM: 1014 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:51 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\training\Desktop\RSIT.exe
C:\Program Files\trend micro\training.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060907
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060907
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [fiheyuzadi] Rundll32.exe "C:\WINDOWS\system32\jujoveve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = brandyami.com
O17 - HKLM\Software\..\Telephony: DomainName = brandyami.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = brandyami.com
O18 - Protocol: fdstp2 - {EDA30510-6AD8-11D2-A1A4-00805F0F0690} - C:\Program Files\FactSet\fdstp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll c:\windows\system32\henuweva.dll C:\WINDOWS\system32\rezuniti.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PrismXL - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10553 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-26 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]
"Prism Deploy Client"=C:\Program Files\Track-It! Deploy\Client\PTClient.exe [2003-09-11 1912832]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-18 413696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-26 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll c:\windows\system32\henuweva.dll C:\WINDOWS\system32\rezuniti.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\rezuniti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=3

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\FactSet\Marquee\Marquee.exe"="C:\Program Files\FactSet\Marquee\Marquee.exe:*:Enabled:Marquee Application"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Common Files\Adobe\Web\AOM.exe"="C:\Program Files\Common Files\Adobe\Web\AOM.exe:*:Enabled:AOM"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgwdsvc.exe"="C:\Program Files\AVG\AVG8\avgwdsvc.exe:*:Enabled:avgwdsvc"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-05 20:43:17 ----D---- C:\rsit
2009-01-05 20:43:17 ----D---- C:\Program Files\trend micro
2009-01-05 19:23:38 ----D---- C:\Documents and Settings\training\Application Data\Malwarebytes
2009-01-05 19:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 19:23:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-27 14:05:06 ----SH---- C:\WINDOWS\system32\izorisaf.ini
2008-12-26 22:08:12 ----SHD---- C:\Config.Msi
2008-12-26 21:18:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-26 21:18:17 ----D---- C:\Program Files\Spyware Doctor
2008-12-26 20:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-26 20:39:47 ----D---- C:\Documents and Settings\training\Application Data\SUPERAntiSpyware.com
2008-12-26 12:21:57 ----HD---- C:\$AVG8.VAULT$
2008-12-26 09:00:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-26 09:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 08:30:31 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-26 08:30:07 ----D---- C:\Program Files\AVG
2008-12-26 08:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-26 07:36:35 ----D---- C:\Program Files\Lavasoft
2008-12-26 07:36:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-26 07:35:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-09 11:49:15 ----D---- C:\Documents and Settings\training\Application Data\Google
2008-11-09 11:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-18 17:10:45 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 3 months======

2009-01-05 20:43:38 ----D---- C:\WINDOWS\Temp
2009-01-05 20:43:17 ----RD---- C:\Program Files
2009-01-05 20:35:59 ----A---- C:\WINDOWS\smscfg.ini
2009-01-05 20:35:21 ----D---- C:\WINDOWS\Prefetch
2009-01-05 20:34:07 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-05 20:33:18 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 20:33:18 ----D---- C:\WINDOWS\system32
2009-01-05 20:32:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 20:31:23 ----D---- C:\WINDOWS\system32\dllcache
2009-01-05 20:31:17 ----D---- C:\Program Files\Outlook Express
2009-01-03 21:23:53 ----D---- C:\WINDOWS\Registration
2009-01-03 12:22:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-03 10:26:27 ----D---- C:\Documents and Settings\training\Application Data\OrgPlus5
2009-01-03 08:53:45 ----SHD---- C:\WINDOWS\CSC
2008-12-27 14:05:00 ----ASH---- C:\WINDOWS\system32\vulotusa.dll
2008-12-26 22:08:12 ----SHD---- C:\WINDOWS\Installer
2008-12-26 21:20:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 11:04:00 ----A---- C:\WINDOWS\wininit.ini
2008-12-26 08:29:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-26 08:29:53 ----D---- C:\WINDOWS\WinSxS
2008-12-26 08:25:20 ----SD---- C:\Documents and Settings\training\Application Data\Microsoft
2008-12-26 08:25:17 ----D---- C:\WINDOWS
2008-12-26 07:35:20 ----D---- C:\Program Files\Common Files
2008-12-25 21:34:31 ----ASH---- C:\WINDOWS\system32\kevuheru.dll
2008-11-09 11:47:58 ----D---- C:\Program Files\Google
2008-10-18 17:10:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-12 14:57:15 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-26 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-07 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2006-02-09 8992]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2006-02-09 11744]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC; C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [2007-02-08 101280]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-01-11 24832]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-01-11 39424]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-01-11 37760]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-26 231704]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 Channel Deployer;Channel Deployer; C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys [2003-09-11 65536]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-09 168432]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-09-22 28672]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS [2003-09-11 159744]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 Venturi2;Venturi Client; c:\program files\verizon wireless\venturi\Client\ventc.exe [2005-01-24 1204306]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2006-02-09 248544]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Edited by compissues, 05 January 2009 - 08:51 PM.


#5 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 05 January 2009 - 08:52 PM

info.txt logfile of random's system information tool 1.05 2009-01-05 20:43:54

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->msiexec /i {199B7F78-69B7-47C5-8D4B-A3ED1391FB6B} MSIPATCHREMOVE={0A3D1B9E-2E40-43CA-AD0C-4A10E244EFB7} /qb
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abra OrgPlus 5-->MsiExec.exe /I{CC34F9FB-34B4-4224-A09B-95432AE34EB9}
Abra Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B001764B-B44C-4E92-9ADF-A0C4D7F08369}\setup.exe" -l0x9
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Charles River IMS v8.1.4 - Client-->C:\CharlesRiver\814\client\_uninst\uninstaller.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Crystal Reports for Best-->MsiExec.exe /I{7699B723-9718-41DE-8C18-549F341C02CE}
Curitel PC Card Software-->C:\Program Files\Verizon Wireless\PC5740\PWI_Uninstall.exe
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
FactSet for Windows-->MsiExec.exe /I{4437330f-ec2b-469b-9c64-5e2461757c47}
FactSet for Windows-->MsiExec.exe /I{4437330f-ec2b-469b-9c64-5e2461757c47}
FactSet Marquee-->MsiExec.exe /I{37D9FF24-EF64-4AA4-886D-D7372C45577C}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
HumanConcepts OrgViewer 5-->C:\Program Files\HumanConcepts\OrgViewer 5\Uninst.EXE /u
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Client-->MsiExec.exe /I{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Firewall Client-->MsiExec.exe /I{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NTRU Hybrid TSS v2.0.25-->MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
PANTECH PC Card Software-->C:\Program Files\PANTECH\PANTECH PC Card\PTDCUninstall.exe
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerOLAP Modeler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{405AF7D1-2052-11D0-892E-0000C0CAB60D}\setup.exe" -l0x9
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908521)-->"C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB916846)-->"C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Venturi Client 3.1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9 -vuninstall
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: SMITHD620
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Record Number: 22458
Source Name: W32Time
Time Written: 20081115191421.000000-300
Event Type: error
User:

Computer Name: SMITHD620
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Record Number: 22457
Source Name: W32Time
Time Written: 20081115191421.000000-300
Event Type: warning
User:

Computer Name: SMITHD620
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Record Number: 22456
Source Name: W32Time
Time Written: 20081115191420.000000-300
Event Type: error
User:

Computer Name: SMITHD620
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Record Number: 22455
Source Name: W32Time
Time Written: 20081115191420.000000-300
Event Type: warning
User:

Computer Name: SMITHD620
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 22454
Source Name: b57w2k
Time Written: 20081115191420.000000-300
Event Type: warning
User:

Application event log

Computer Name: SMITHD620
Event Code: 0
Message:
Record Number: 3160
Source Name: RegSrvc
Time Written: 20080521194557.000000-240
Event Type: information
User:

Computer Name: SMITHD620
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 3159
Source Name: Userenv
Time Written: 20080521194556.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SMITHD620
Event Code: 0
Message:
Record Number: 3158
Source Name: EvtEng
Time Written: 20080521194555.000000-240
Event Type: information
User:

Computer Name: SMITHD620
Event Code: 1517
Message: Windows saved user BRANDYWINE\training registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3157
Source Name: Userenv
Time Written: 20080520230930.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SMITHD620
Event Code: 5000
Message: VirusScan Enterprise McShield service started - scanning for 394428 viruses.

Engine version : 5.2.00

.DAT version : 5299



EXTRA.DAT name : None

Number of virus signatures in EXTRA.DAT : None

Names of viruses that EXTRA.DAT can detect : None

Record Number: 3156
Source Name: McLogEvent
Time Written: 20080520202550.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\blp\API\dde;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\blp\API;C:\Program Files\Microsoft SQL Server\80\Tools\BINN
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CI_HOLOS_CLI"=C:\Program Files\Best Software\Open Olap\

-----------------EOF-----------------

#6 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 05 January 2009 - 09:21 PM

Attached File  GMER_log.log   51.82KB   26 downloads

Here's the GMER log, attached as you requested. Please let me know what else I can do. Thanks again!

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 06 January 2009 - 01:05 AM

IMPORTANT!! Uninstall these programs before proceed with our fixes..

1. Lavasoft Ad-Aware
2. Viewpoint
3. Spybot S&D
4. Adobe Acrobat 5.0

For Adobe Acrobat 5.0, I recommend you to replace it with FoxIt Reader, which is better.. Link for it below..

http://www.foxitsoftware.com/pdf/rd_intro.php



NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\henuweva.dll
    C:\WINDOWS\system32\rezuniti.dll
    C:\WINDOWS\system32\izorisaf.ini
    C:\WINDOWS\system32\vulotusa.dll
    C:\WINDOWS\system32\kevuheru.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 06 January 2009 - 07:55 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\henuweva.dll not found.
File/Folder C:\WINDOWS\system32\rezuniti.dll not found.
File/Folder C:\WINDOWS\system32\izorisaf.ini not found.
File/Folder C:\WINDOWS\system32\vulotusa.dll not found.
File/Folder C:\WINDOWS\system32\kevuheru.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_194648

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_734.dat not found!
File move failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be moved on reboot.

#9 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 06 January 2009 - 08:00 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by training at 2009-01-06 19:57:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 67 GB (88%) free of 76 GB
Total RAM: 1014 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:01 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\training\Desktop\RSIT.exe
C:\Program Files\trend micro\training.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060907
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060907
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [fiheyuzadi] Rundll32.exe "C:\WINDOWS\system32\jujoveve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = brandyami.com
O17 - HKLM\Software\..\Telephony: DomainName = brandyami.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = brandyami.com
O18 - Protocol: fdstp2 - {EDA30510-6AD8-11D2-A1A4-00805F0F0690} - C:\Program Files\FactSet\fdstp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PrismXL - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10267 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-26 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]
"Prism Deploy Client"=C:\Program Files\Track-It! Deploy\Client\PTClient.exe [2003-09-11 1912832]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-18 413696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-26 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=3

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\FactSet\Marquee\Marquee.exe"="C:\Program Files\FactSet\Marquee\Marquee.exe:*:Enabled:Marquee Application"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Common Files\Adobe\Web\AOM.exe"="C:\Program Files\Common Files\Adobe\Web\AOM.exe:*:Enabled:AOM"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgwdsvc.exe"="C:\Program Files\AVG\AVG8\avgwdsvc.exe:*:Enabled:avgwdsvc"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-06 19:40:01 ----D---- C:\_OTMoveIt
2009-01-06 19:32:29 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-06 19:32:29 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-06 19:32:29 ----A---- C:\WINDOWS\system32\java.exe
2009-01-06 19:32:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-05 20:51:24 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 20:51:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 20:51:22 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 20:51:21 ----A---- C:\WINDOWS\gmer.exe
2009-01-05 20:43:17 ----D---- C:\rsit
2009-01-05 20:43:17 ----D---- C:\Program Files\trend micro
2009-01-05 19:23:38 ----D---- C:\Documents and Settings\training\Application Data\Malwarebytes
2009-01-05 19:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 19:23:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 22:08:12 ----SHD---- C:\Config.Msi
2008-12-26 21:18:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-26 21:18:17 ----D---- C:\Program Files\Spyware Doctor
2008-12-26 20:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-26 20:39:47 ----D---- C:\Documents and Settings\training\Application Data\SUPERAntiSpyware.com
2008-12-26 12:21:57 ----HD---- C:\$AVG8.VAULT$
2008-12-26 09:00:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-26 09:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 08:30:31 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-26 08:30:07 ----D---- C:\Program Files\AVG
2008-12-26 08:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-26 07:36:35 ----D---- C:\Program Files\Lavasoft
2008-12-26 07:36:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-09 11:49:15 ----D---- C:\Documents and Settings\training\Application Data\Google
2008-11-09 11:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-18 17:10:45 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 3 months======

2009-01-06 19:58:01 ----D---- C:\WINDOWS\Temp
2009-01-06 19:51:17 ----A---- C:\WINDOWS\smscfg.ini
2009-01-06 19:49:13 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-06 19:48:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 19:48:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 19:40:02 ----D---- C:\WINDOWS\system32
2009-01-06 19:37:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-06 19:35:04 ----D---- C:\Program Files\Java
2009-01-06 19:34:55 ----SHD---- C:\WINDOWS\Installer
2009-01-06 19:32:34 ----D---- C:\WINDOWS\Prefetch
2009-01-06 19:17:23 ----D---- C:\WINDOWS
2009-01-06 19:16:33 ----D---- C:\Program Files\Common Files\Adobe
2009-01-06 19:12:52 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-06 19:12:51 ----D---- C:\Program Files\Viewpoint
2009-01-06 19:06:21 ----D---- C:\Program Files\Common Files
2009-01-06 19:06:16 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 20:43:17 ----RD---- C:\Program Files
2009-01-05 20:33:18 ----D---- C:\Program Files\Outlook Express
2009-01-05 20:31:23 ----D---- C:\WINDOWS\system32\dllcache
2009-01-03 21:23:53 ----D---- C:\WINDOWS\Registration
2009-01-03 10:26:27 ----D---- C:\Documents and Settings\training\Application Data\OrgPlus5
2009-01-03 08:53:45 ----SHD---- C:\WINDOWS\CSC
2008-12-26 21:20:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 11:04:00 ----A---- C:\WINDOWS\wininit.ini
2008-12-26 08:29:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-26 08:29:53 ----D---- C:\WINDOWS\WinSxS
2008-12-26 08:25:20 ----SD---- C:\Documents and Settings\training\Application Data\Microsoft
2008-11-09 11:47:58 ----D---- C:\Program Files\Google
2008-10-12 14:57:15 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-26 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-07 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2006-02-09 8992]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2006-02-09 11744]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC; C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [2007-02-08 101280]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-01-11 24832]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-01-11 39424]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-01-11 37760]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-26 231704]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 Channel Deployer;Channel Deployer; C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys [2003-09-11 65536]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-09 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-09-22 28672]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS [2003-09-11 159744]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 Venturi2;Venturi Client; c:\program files\verizon wireless\venturi\Client\ventc.exe [2005-01-24 1204306]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2006-02-09 248544]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#10 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 06 January 2009 - 08:05 PM

I had a little trouble trying to remove Spybot. It wasn't showing up in add/remove files and I couldn't find an uninstall file. I deleted one file, but the two others in the folder would not allow me to delete them.

Thanks again!

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 07 January 2009 - 02:59 AM

Don't worry too much about it.. Your log looks nice.. How is your computer now?

Lets do this...


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-20\..\Run: [fiheyuzadi] Rundll32.exe "C:\WINDOWS\system32\jujoveve.dll",s (User 'NETWORK SERVICE')

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 07 January 2009 - 07:18 PM

It has actually been running better after the first steps that you had me run through. Thanks so much!

Here is the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3746 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=747eddf528060848afff918e51c74dcd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-07 12:11:40
# local_time=2009-01-07 07:11:40 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=565214
# found=2
# scan_time=5495
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (deleted) 00000000000000000000000000000000
C:\Program Files\AIM\Sysfiles\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

#13 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 07 January 2009 - 07:19 PM

Once you feel we have fixed everything to your satisfaction, is there anything you would recommend in terms of software that is running on my computer (i.e., things I should remove or things I should add)?

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 08 January 2009 - 01:43 AM

Everything looks great here.. I see you have 2 antivirus installed (AVG and McAfee "Network Association")

If that's the case, please uninstall ONE of them.. Your choice to use which one :thumbsup:


Lets do some cleanup...

Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 compissues

compissues
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 08 January 2009 - 07:34 PM

My computer is acting just like new. Thanks so much for all of the time you spent helping me out! I really appreciate it!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users