Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Conhook and other trojans


  • This topic is locked This topic is locked
21 replies to this topic

#1 daddar

daddar

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 04 January 2009 - 02:06 PM

I have scanned my laptop several times with avast anitivirus, Spybot S&D and McAfee and I can't get rid of the trojan/virus. My laptop has slowed down and i keep getting pop-ups. Every now and then avast pops up saying theres a virus and i delete it but then it comes back 2 minutes later!

DDS Report:

DDS (Version 1.1.0) - NTFSx86
Run by Roy at 18:46:12.39 on 04/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1343 [GMT 0:00]

AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Roy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
uSearch Bar =
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
BHO: {26cc992d-e013-4d6c-bd0f-868f235860f1} - c:\windows\system32\iifddcaW.dll
BHO: c:\windows\system32\tyshb36rfjdf.dll: {d5bf49a2-94f1-42bd-f434-3604812c807d} - c:\windows\system32\tyshb36rfjdf.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NudgeMania] c:\program files\nudgemania\NudgeMania.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
Notify: khfDwuuT - khfDwuuT.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\tyshb36rfjdf.dll: {d5bf49a2-94f1-42bd-f434-3604812c807d} - c:\windows\system32\tyshb36rfjdf.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth c:\windows\system32\iifddcaW
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roy\applic~1\mozilla\firefox\profiles\jp7wrgs4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - www.google.co.uk

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-13 111184]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-4-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-4-13 352920]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [2008-2-2 372480]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-12-29 33792]
R4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-13 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-4-13 155160]
R4 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys [2008-2-2 19840]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-13 104000]
R4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R4 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cglptnt;cglptnt;\??\c:\documents and settings\roy\desktop\total commander\cglptnt.sys --> c:\documents and settings\roy\desktop\total commander\cglptnt.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-12-8 17149]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-3 10976]
S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-13 72264]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-13 34152]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-13 170408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-12-15 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-12-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-12-15 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-12-15 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-12-15 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-12-15 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-12-15 117544]

=============== Created Last 30 ================

2009-01-04 18:37 120 ---sh--- c:\windows\system32\qarkqujg.ini
2009-01-04 18:34 128,000 a------- c:\windows\system32\smdascbo.dll
2009-01-04 15:57 120 ---sh--- c:\windows\system32\jrhdqvwo.ini
2009-01-04 15:57 128,000 a------- c:\windows\system32\tacyqqnd.dll
2009-01-03 23:51 1,409 a------- c:\windows\QTFont.for
2009-01-03 23:51 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-03 23:36 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-01-03 23:36 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-03 23:35 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-03 23:22 1,107,296 a------- c:\windows\system32\WdfCoInstaller01007.dll
2009-01-03 23:22 22,368 a------- c:\windows\system32\drivers\ggsemc.sys
2009-01-03 23:22 10,976 a------- c:\windows\system32\drivers\ggflt.sys
2009-01-02 13:09 120 ---sh--- c:\windows\system32\xmyksypm.ini
2008-12-31 17:03 569,918 a--sh--- c:\windows\system32\Wacddfii.ini2
2008-12-31 16:30 120 ---sh--- c:\windows\system32\yvngagan.ini
2008-12-30 16:11 143 a------- c:\windows\system32\mcrh.tmp
2008-12-30 14:02 120 ---sh--- c:\windows\system32\nbwygkev.ini
2008-12-29 16:36 120 ---sh--- c:\windows\system32\jtvrblnp.ini
2008-12-28 16:33 120 ---sh--- c:\windows\system32\igxbcmas.ini
2008-12-27 13:15 120 ---sh--- c:\windows\system32\vpbhbqah.ini
2008-12-26 15:22 <DIR> --d----- c:\windows\system32\CatRoot2
2008-12-26 14:51 570,090 a--sh--- c:\windows\system32\Wacddfii.ini
2008-12-24 17:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-22 23:51 2,710 a------- c:\windows\system32\TDSSdxcp.dll
2008-12-22 23:51 441 a------- c:\windows\system32\TDSSmtve.dat
2008-12-22 23:41 293,376 a------- c:\windows\system32\iifddcaW.dll
2008-12-21 20:22 151,552 a------- c:\windows\system32\securenet.dll
2008-12-15 20:55 <DIR> --d----- c:\program files\common files\Sony Shared
2008-12-15 20:54 <DIR> --d----- c:\program files\Sony
2008-12-15 20:50 <DIR> --d----- c:\program files\Avanquest update
2008-12-15 20:49 10,792 a------- c:\windows\system32\drivers\s1018cr.sys
2008-12-15 20:49 117,544 a------- c:\windows\system32\drivers\s1018unic.sys
2008-12-15 20:49 115,368 a------- c:\windows\system32\drivers\s1018mgmt.sys
2008-12-15 20:49 111,784 a------- c:\windows\system32\drivers\s1018obex.sys
2008-12-15 20:49 25,768 a------- c:\windows\system32\drivers\s1018nd5.sys
2008-12-15 20:49 15,016 a------- c:\windows\system32\drivers\s1018mdfl.sys
2008-12-15 20:49 122,024 a------- c:\windows\system32\drivers\s1018mdm.sys
2008-12-15 20:49 12,200 a------- c:\windows\system32\drivers\s1018cmnt.sys
2008-12-15 20:49 12,200 a------- c:\windows\system32\drivers\s1018cm.sys
2008-12-15 20:49 90,408 a------- c:\windows\system32\drivers\s1018bus.sys
2008-12-15 20:49 12,200 a------- c:\windows\system32\drivers\s1018whnt.sys
2008-12-15 20:49 12,200 a------- c:\windows\system32\drivers\s1018wh.sys
2008-12-15 20:48 <DIR> --d----- c:\program files\Sony Ericsson
2008-12-15 20:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-12-08 19:07 <DIR> --d----- c:\program files\MAKEMSI Package Documentation
2008-12-08 19:07 <DIR> --d----- c:\program files\Wayfinder MapLoader

==================== Find3M ====================

2008-12-13 06:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-03 21:12 4,040,627 a------- c:\windows\screensaver_2.SCR
2008-12-02 16:43 88,319 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-17 21:21 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 18:47:00.73 ===============

THANKS! :thumbsup:

Edited by daddar, 04 January 2009 - 02:11 PM.


BC AdBot (Login to Remove)

 


#2 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 04 January 2009 - 02:10 PM

I cannot attach the 'Attach' file for some reason so I'll post it.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 13/11/2007 20:52:25
System Uptime: 01/04/2009 18:40:36 (-2088 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz | Microprocessor | 2393/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 60 GiB total, 39.253 GiB free.
D: is FIXED (NTFS) - 52 GiB total, 51.534 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\DISPLAY\0000
Manufacturer:
Name:
PNP Device ID: ROOT\DISPLAY\0000
Service:

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MTD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MTD\0000
Service:

==== System Restore Points ===================

RP186: 22/12/2008 23:41:47 - Software Distribution Service 3.0
RP187: 22/12/2008 23:41:47 - Software Distribution Service 3.0
RP188: 22/12/2008 23:41:47 - Removed Omnigraph Evaluation
RP189: 22/12/2008 23:41:48 - System Checkpoint
RP190: 22/12/2008 23:41:48 - Software Distribution Service 3.0
RP191: 22/12/2008 23:41:48 - Software Distribution Service 3.0
RP192: 22/12/2008 23:41:48 - Installed Omnigraph Evaluation
RP193: 22/12/2008 23:41:48 - Removed Omnigraph Evaluation
RP194: 22/12/2008 23:41:48 - Removed Adobe® Photoshop® Album Starter Edition 3.2
RP195: 22/12/2008 23:41:48 - Removed FIFA 08
RP196: 22/12/2008 23:41:48 - Removed Google Toolbar for Internet Explorer
RP197: 22/12/2008 23:41:49 - Removed Microsoft Silverlight
RP198: 22/12/2008 23:41:49 - Removed Windows Live installer
RP199: 22/12/2008 23:41:49 - Software Distribution Service 3.0
RP200: 22/12/2008 23:41:49 - Software Distribution Service 3.0
RP201: 22/12/2008 23:41:49 - System Checkpoint
RP202: 22/12/2008 23:41:49 - Software Distribution Service 3.0
RP203: 22/12/2008 23:41:49 - Software Distribution Service 3.0
RP204: 22/12/2008 23:41:50 - System Checkpoint
RP205: 22/12/2008 23:41:50 - Software Distribution Service 3.0
RP206: 22/12/2008 23:41:50 - Software Distribution Service 3.0
RP207: 22/12/2008 23:41:50 - Installed Windows XP WIC.
RP208: 22/12/2008 23:41:50 - Installed %1 %2.
RP209: 22/12/2008 23:41:50 - Printer Driver Microsoft XPS Document Writer Installed
RP210: 22/12/2008 23:41:50 - Installed GameSpy Comrade.
RP211: 22/12/2008 23:41:50 - Installed Flash
RP212: 22/12/2008 23:41:50 - Software Distribution Service 3.0
RP213: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP214: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP215: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP216: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP217: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP218: 22/12/2008 23:41:51 - Software Distribution Service 3.0
RP219: 22/12/2008 23:41:52 - Software Distribution Service 3.0
RP220: 22/12/2008 23:41:52 - Software Distribution Service 3.0
RP221: 22/12/2008 23:41:52 - Removed GameSpy Comrade.
RP222: 22/12/2008 23:41:52 - Installed GameSpy Comrade.
RP223: 22/12/2008 23:41:52 - 17th Nov 08 - PC has been cleaned up (defragmented)
RP224: 22/12/2008 23:41:52 - Installed NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
RP225: 22/12/2008 23:41:52 - Removed NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
RP226: 22/12/2008 23:41:52 - Software Distribution Service 3.0
RP227: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP228: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP229: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP230: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP231: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP232: 22/12/2008 23:41:53 - Software Distribution Service 3.0
RP233: 22/12/2008 23:41:53 - Removed Apple Software Update
RP234: 22/12/2008 23:41:54 - Removed Flash
RP235: 22/12/2008 23:41:54 - Software Distribution Service 3.0
RP236: 22/12/2008 23:41:54 - Installed BestAddress HTML Editor 2008 Professional
RP237: 22/12/2008 23:41:54 - Removed BestAddress HTML Editor 2008 Professional
RP238: 22/12/2008 23:41:54 - Software Distribution Service 3.0
RP239: 22/12/2008 23:41:54 - Software Distribution Service 3.0
RP240: 22/12/2008 23:41:54 - Installed Wayfinder MapLoader
RP241: 22/12/2008 23:41:55 - Defragmented and scanned by Avast and Spybot
RP242: 22/12/2008 23:41:55 - Software Distribution Service 3.0
RP243: 22/12/2008 23:41:55 - Software Distribution Service 3.0
RP244: 22/12/2008 23:41:56 - Software Distribution Service 3.0
RP245: 22/12/2008 23:41:56 - Installed Microsoft Visual C++ 2005 Redistributable
RP246: 22/12/2008 23:41:56 - Installed Sony Ericsson Media Manager 1.2
RP247: 22/12/2008 23:41:56 - Installed Adobe® Photoshop® Album Starter Edition 3.2
RP248: 22/12/2008 23:41:56 - Software Distribution Service 3.0
RP249: 22/12/2008 23:41:56 - Software Distribution Service 3.0
RP250: 22/12/2008 23:41:56 - Software Distribution Service 3.0
RP251: 22/12/2008 23:41:57 - Software Distribution Service 3.0
RP252: 22/12/2008 23:42:08 - Last known good configuration
RP253: 23/12/2008 00:25:56 - Windows Defender Checkpoint
RP254: 23/12/2008 00:32:02 - Windows Defender Checkpoint
RP255: 24/12/2008 13:45:29 - Windows Defender Checkpoint
RP256: 24/12/2008 17:25:18 - Installed Java™ 6 Update 11
RP257: 26/12/2008 13:35:58 - System Checkpoint
RP258: 26/12/2008 15:28:07 - Windows Defender Checkpoint
RP259: 27/12/2008 13:15:29 - Windows Defender Checkpoint
RP260: 28/12/2008 16:33:49 - Windows Defender Checkpoint
RP261: 28/12/2008 18:04:00 - Windows Defender Checkpoint
RP262: 29/12/2008 13:38:56 - Windows Defender Checkpoint
RP263: 29/12/2008 16:37:14 - Windows Defender Checkpoint
RP264: 30/12/2008 14:02:59 - Windows Defender Checkpoint
RP265: 31/12/2008 16:31:32 - Windows Defender Checkpoint
RP266: 31/12/2008 18:11:18 - Windows Defender Checkpoint
RP267: 02/01/2009 13:06:42 - Windows Defender Checkpoint
RP268: 02/01/2009 17:28:46 - Windows Defender Checkpoint
RP269: 03/01/2009 23:35:54 - Installed Windows XP Wdf01007.
RP270: 04/01/2009 15:57:48 - Windows Defender Checkpoint
RP271: 04/01/2009 18:34:52 - Windows Defender Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advertisement Service
ArcSoft Software Suite
AutoUpdate
Avanquest update
avast! Antivirus
Azureus
biolsp patch
Bluetooth Stack for Windows by Toshiba
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell Touchpad
Digital Line Detect
DivX Player
DivX Web Player
Document Manager Lite
DVD Shrink 3.2
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESC Home Page Plugin
ESPRX600 Operation Guide
ESPRX600 Reference Guide
ESPRX600 Software Guide
ETS Upgrade
Free YouTube to Mp3 Converter version 2.5
GameSpy Comrade
Google Desktop
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Resizer Powertoy for Windows XP
Indago Updater
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 7
LibUSB-Win32-0.1.10.1
McAfee VirusScan Enterprise
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox (3.0.5)
MP3 Player Recovery Device Drivers
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
NetWaiting
NTRU TCG Software Stack
O2Micro USB Smart Card Reader
PIF DESIGNER2.1
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
ScanToWeb
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Wizards
SigmaTel Audio
Sonic Activation Module
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 4.005.00
Spybot - Search & Destroy
System Requirements Lab
tsp patch
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Service
upekmsi
VideoLAN VLC media player 0.8.6f
Wave Infrastructure Installer
Wave Support Software
Wayfinder MapLoader
WebFldrs XP
Windows Defender
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.0
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

31/12/2008 16:21:44, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000740DC99F6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
31/12/2008 11:00:47, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
30/12/2008 18:34:40, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).
30/12/2008 18:32:06, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
30/12/2008 18:21:09, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
30/12/2008 14:03:00, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=128082 Scan ID: {B52EC90D-7AC2-4B6B-8DDD-5011B865CC92} User: DJ90C33J\Roy Name: Trojan:Win32/Vundo.gen!Y ID: 128082 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
29/12/2008 13:35:31, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 000740DC99F6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
31/12/2008 16:31:33, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=128082 Scan ID: {6EC6ACA9-6765-4AAF-B140-6BF0D6A4683D} User: DJ90C33J\Roy Name: Trojan:Win32/Vundo.gen!Y ID: 128082 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
31/12/2008 21:10:50, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.
01/01/2009 14:51:03, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 000740DC99F6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/01/2009 13:09:24, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=128082 Scan ID: {9988A18F-8582-4DA8-9BC9-113262E6FAEB} User: DJ90C33J\Roy Name: Trojan:Win32/Vundo.gen!Y ID: 128082 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
04/01/2009 15:57:49, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=128082 Scan ID: {8A2E6939-05ED-4CFE-93A4-828E6B699AFC} User: DJ90C33J\Roy Name: Trojan:Win32/Vundo.gen!Y ID: 128082 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
04/01/2009 15:58:22, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=113087 Scan ID: {8413F5E7-5502-4C43-A419-8C3DCFE24577} User: DJ90C33J\Roy Name: Trojan:Win32/Conhook.D ID: 113087 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
04/01/2009 18:34:54, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=113087 Scan ID: {B1667B8C-D27B-4D23-B201-E903EC62A1BA} User: DJ90C33J\Roy Name: Trojan:Win32/Conhook.D ID: 113087 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
04/01/2009 18:37:23, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=128082 Scan ID: {D5F60BB7-7579-484F-BDD0-6C07B48DB110} User: DJ90C33J\Roy Name: Trojan:Win32/Vundo.gen!Y ID: 128082 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.

==== End Of File ===========================

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 05 January 2009 - 02:53 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 05 January 2009 - 03:14 PM

Thanks for your help so far!
This is the Malwarebytes' log

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 5.1.2600 Service Pack 3

05/01/2009 19:56:18
mbam-log-2009-01-05 (19-56-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 131101
Time elapsed: 47 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iifddcaW.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6fc4161-832a-47b5-8a51-118242c3c17d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e6fc4161-832a-47b5-8a51-118242c3c17d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6fc4161-832a-47b5-8a51-118242c3c17d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifddcaw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifddcaw -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iifddcaW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Wacddfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Wacddfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmeqknvj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvnkqemm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roy\Local Settings\Temp\cmwasxoenr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roy\Local Settings\Temporary Internet Files\Content.IE5\LEG09IYL\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP223\A0229706.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP267\A0250903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP267\A0250908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP268\A0250986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP270\A0251105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP270\A0251106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP271\A0251139.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP271\A0251140.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smdascbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tacyqqnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roy\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

#5 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 05 January 2009 - 03:15 PM

This is the RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Roy at 2009-01-05 19:59:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (65%) free of 61 GB
Total RAM: 2038 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:15, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Documents and Settings\Roy\Desktop\RSIT.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Roy\Desktop\Roy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=1070827
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194987886788
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{4356CD92-C471-4417-815F-ACC607167F93}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: khfDwuuT - khfDwuuT.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 12456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ciaewuay.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-02-18 303104]
"Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-24 136600]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-07-10 1351680]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NudgeMania"=C:\Program Files\NudgeMania\NudgeMania.exe []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-07-10 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-18 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDwuuT]
khfDwuuT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe"="C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe:*:Enabled:mc2_demo"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Indago Updater\IndagoUpdater.exe"="C:\Program Files\Indago Updater\IndagoUpdater.exe:*:Enabled:IndagoUpdater"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\Net Tools\DirectConnect.exe"="C:\Program Files\Net Tools\DirectConnect.exe:*:Enabled:Direct Connect lets two PC directly connect and Send/Receive files and chat."
"C:\Program Files\Net Tools\nettools5.exe"="C:\Program Files\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi"
"C:\Program Files\Net Tools\LANTalkerServer.exe"="C:\Program Files\Net Tools\LANTalkerServer.exe:*:Enabled:LAN Talker Server"
"C:\Program Files\Net Tools\CentralServer.exe"="C:\Program Files\Net Tools\CentralServer.exe:*:Enabled:Central Server"
"C:\Documents and Settings\Roy\Desktop\nethostfs_win\nethostfs.exe"="C:\Documents and Settings\Roy\Desktop\nethostfs_win\nethostfs.exe:*:Enabled:nethostfs"
"C:\Documents and Settings\Roy\Desktop\usbhostfswin\usbhostfs.exe"="C:\Documents and Settings\Roy\Desktop\usbhostfswin\usbhostfs.exe:*:Enabled:usbhostfs"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Program Files\MultiProxy\MProxy.exe"="C:\Program Files\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3611703a-a8dc-11dc-9419-0013e873b21f}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7fc7c3-9229-11dc-93e7-806d6172696f}]
shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61501ab-031a-11dd-956b-0013e873b21f}]
shell\AutoRun\command - E:\AutoTransfer.exe


======List of files/folders created in the last 3 months======

2009-01-05 19:59:42 ----D---- C:\rsit
2009-01-05 19:13:19 ----HD---- C:\WINDOWS\PIF
2009-01-05 19:07:32 ----D---- C:\Documents and Settings\Roy\Application Data\Malwarebytes
2009-01-05 19:07:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 19:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 18:39:06 ----A---- C:\WINDOWS\system32\qoqhwgej.exe
2009-01-05 18:35:44 ----A---- C:\WINDOWS\system32\gmhwvnnl.dll
2009-01-04 18:37:03 ----SH---- C:\WINDOWS\system32\qarkqujg.ini
2009-01-04 15:57:13 ----SH---- C:\WINDOWS\system32\jrhdqvwo.ini
2009-01-03 23:35:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-01-03 23:35:46 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-01-03 23:22:10 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2009-01-02 13:09:00 ----SH---- C:\WINDOWS\system32\xmyksypm.ini
2008-12-31 16:30:50 ----SH---- C:\WINDOWS\system32\yvngagan.ini
2008-12-30 14:02:33 ----SH---- C:\WINDOWS\system32\nbwygkev.ini
2008-12-29 16:36:47 ----SH---- C:\WINDOWS\system32\jtvrblnp.ini
2008-12-28 16:33:09 ----SH---- C:\WINDOWS\system32\igxbcmas.ini
2008-12-27 13:15:00 ----SH---- C:\WINDOWS\system32\vpbhbqah.ini
2008-12-26 15:22:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-24 17:25:41 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-24 17:25:41 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-24 17:25:41 ----A---- C:\WINDOWS\system32\java.exe
2008-12-24 17:25:41 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 23:42:09 ----A---- C:\WINDOWS\system32\a38cbfdc-.txt
2008-12-21 20:22:27 ----A---- C:\WINDOWS\system32\securenet.dll
2008-12-15 20:55:04 ----D---- C:\Program Files\Common Files\Sony Shared
2008-12-15 20:54:41 ----D---- C:\Program Files\Sony
2008-12-15 20:50:20 ----D---- C:\Program Files\Avanquest update
2008-12-15 20:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-12-15 20:48:16 ----D---- C:\Program Files\Sony Ericsson
2008-12-15 20:48:16 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-12-10 21:29:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 21:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 21:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 21:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 19:07:10 ----D---- C:\Program Files\MAKEMSI Package Documentation
2008-12-08 19:07:09 ----D---- C:\Program Files\Wayfinder MapLoader
2008-12-03 21:12:46 ----A---- C:\WINDOWS\iScreensaver.ini
2008-12-03 21:12:10 ----D---- C:\Documents and Settings\Roy\Application Data\iScreensaver
2008-12-03 18:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-03 18:17:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-02 18:58:46 ----D---- C:\WINDOWS\Prefetch
2008-12-02 16:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-02 16:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-02 16:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 16:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-02 16:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-02 16:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-02 16:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-02 16:45:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-02 16:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-02 16:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-02 16:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-02 16:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-02 16:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-02 16:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-02 16:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-02 16:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-02 16:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-02 16:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-02 16:40:49 ----D---- C:\WINDOWS\system32\scripting
2008-12-02 16:40:49 ----D---- C:\WINDOWS\l2schemas
2008-12-02 16:40:48 ----D---- C:\WINDOWS\system32\en
2008-12-02 16:40:48 ----D---- C:\WINDOWS\system32\bits
2008-12-02 16:38:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-02 16:32:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-27 20:00:06 ----D---- C:\Documents and Settings\Roy\Application Data\Nullriver
2008-11-12 21:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 21:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-24 20:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-22 19:45:46 ----D---- C:\Program Files\WinPcap
2008-10-21 20:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-10-21 18:28:03 ----D---- C:\Program Files\Common Files\Vbox
2008-10-21 18:18:31 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-21 18:18:27 ----D---- C:\Program Files\DVD Shrink
2008-10-20 18:48:53 ----D---- C:\Program Files\GameSpy
2008-10-20 18:46:59 ----D---- C:\Program Files\MSBuild
2008-10-20 18:46:52 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-20 18:46:44 ----D---- C:\Program Files\Reference Assemblies
2008-10-20 18:46:15 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-10-20 18:45:47 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-10-16 20:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 20:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 20:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 20:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 20:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-07 20:26:40 ----D---- C:\QUARANTINE

======List of files/folders modified in the last 3 months======

2009-01-05 20:01:11 ----D---- C:\WINDOWS\Temp
2009-01-05 20:00:50 ----D---- C:\WINDOWS\Registration
2009-01-05 20:00:47 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-01-05 19:58:57 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 19:58:26 ----D---- C:\WINDOWS
2009-01-05 19:57:58 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 19:57:58 ----D---- C:\WINDOWS\system32
2009-01-05 19:57:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 19:56:53 ----D---- C:\Documents and Settings\Roy\Application Data\Wave Systems Corp
2009-01-05 19:07:25 ----RD---- C:\Program Files
2009-01-05 16:50:38 ----SD---- C:\WINDOWS\Tasks
2009-01-04 17:40:54 ----HD---- C:\WINDOWS\inf
2009-01-03 23:22:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-31 18:38:51 ----D---- C:\Documents and Settings\Roy\Application Data\Azureus
2008-12-31 18:21:47 ----D---- C:\Apps
2008-12-31 18:16:10 ----D---- C:\Documents and Settings\Roy\Application Data\Mozilla
2008-12-26 15:22:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-26 14:53:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-26 14:50:33 ----A---- C:\WINDOWS\wininit.ini
2008-12-24 17:25:47 ----SHD---- C:\WINDOWS\Installer
2008-12-24 17:25:20 ----D---- C:\Program Files\Java
2008-12-21 20:33:24 ----D---- C:\WINDOWS\network diagnostic
2008-12-19 00:52:16 ----A---- C:\WINDOWS\WirelessFTP.INI
2008-12-18 21:00:58 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 21:00:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 21:00:52 ----D---- C:\WINDOWS\ie7updates
2008-12-18 21:00:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 21:02:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 21:02:50 ----D---- C:\Program Files\Adobe
2008-12-15 20:55:58 ----RSD---- C:\WINDOWS\assembly
2008-12-15 20:55:04 ----D---- C:\Program Files\Common Files
2008-12-15 20:54:35 ----D---- C:\WINDOWS\WinSxS
2008-12-15 20:52:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-15 20:50:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 21:29:11 ----A---- C:\WINDOWS\win.ini
2008-12-10 21:28:06 ----D---- C:\Program Files\Internet Explorer
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 22:31:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 22:03:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 21:16:22 ----A---- C:\WINDOWS\orun32.ini
2008-12-02 19:02:15 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-02 19:01:48 ----A---- C:\WINDOWS\setuplog.txt
2008-12-02 18:58:11 ----D---- C:\WINDOWS\system32\wbem
2008-12-02 18:58:11 ----D---- C:\WINDOWS\system32\Setup
2008-12-02 18:58:11 ----D---- C:\WINDOWS\AppPatch
2008-12-02 16:50:47 ----D---- C:\WINDOWS\security
2008-12-02 16:45:09 ----D---- C:\Program Files\Messenger
2008-12-02 16:40:59 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-02 16:40:59 ----D---- C:\WINDOWS\ime
2008-12-02 16:40:59 ----D---- C:\WINDOWS\Help
2008-12-02 16:40:50 ----D---- C:\WINDOWS\system32\usmt
2008-12-02 16:40:50 ----D---- C:\WINDOWS\system32\en-us
2008-12-02 16:40:48 ----D---- C:\WINDOWS\PeerNet
2008-12-02 16:40:48 ----D---- C:\Program Files\Movie Maker
2008-12-02 16:38:15 ----D---- C:\WINDOWS\system32\Restore
2008-12-02 16:38:15 ----D---- C:\WINDOWS\system32\npp
2008-12-02 16:38:15 ----D---- C:\WINDOWS\mui
2008-12-02 16:38:13 ----D---- C:\WINDOWS\msagent
2008-12-02 16:38:12 ----D---- C:\WINDOWS\srchasst
2008-12-02 16:38:11 ----D---- C:\Program Files\NetMeeting
2008-12-02 16:38:10 ----D---- C:\WINDOWS\system32\Com
2008-12-02 16:38:07 ----D---- C:\Program Files\Windows NT
2008-12-02 16:38:07 ----D---- C:\Program Files\Windows Media Player
2008-12-02 16:38:07 ----D---- C:\Program Files\Outlook Express
2008-12-02 16:38:04 ----D---- C:\Program Files\Common Files\System
2008-12-02 16:37:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-02 16:37:48 ----D---- C:\WINDOWS\system
2008-12-02 16:35:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-02 16:32:53 ----D---- C:\WINDOWS\ehome
2008-11-27 20:02:32 ----D---- C:\Temp
2008-11-27 19:56:09 ----D---- C:\MDT
2008-11-26 17:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-31 17:57:00 ----SD---- C:\Documents and Settings\Roy\Application Data\Microsoft
2008-10-23 18:33:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-23 12:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 10:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 18:28:21 ----D---- C:\Documents and Settings\Roy\Application Data\Macromedia
2008-10-21 18:21:57 ----D---- C:\Documents and Settings\Roy\Application Data\SystemRequirementsLab
2008-10-20 18:46:25 ----D---- C:\WINDOWS\system32\spool
2008-10-16 20:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 20:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 20:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 20:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 20:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 07:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-09 17:54:48 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 bwcdrv;BUFFALO Wireless Configuration; C:\WINDOWS\system32\DRIVERS\bwcdrv.sys [2003-12-21 19840]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-04-18 11904]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-12 160256]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-07-11 372480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-18 5707744]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-18 1228296]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-11-13 38288]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 cglptnt;cglptnt; \??\C:\Documents and Settings\Roy\Desktop\TOTAL COMMANDER\cglptnt.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-01-03 10976]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-01-03 22368]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-12 2203520]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 toshidpt;Bluetooth HID Port; C:\WINDOWS\system32\drivers\Toshidpt.sys [2007-04-26 3712]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 bwcsrv;BUFFALO Wireless Configuration Service; C:\WINDOWS\system32\Drivers\bwcsrv.exe [2004-10-04 73728]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-24 152984]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-02-20 475136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-07-10 901120]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2007-02-18 90112]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2008-07-10 352256]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-08-27 66560]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#6 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 05 January 2009 - 03:23 PM

This is the RSIT info.txt log

info.txt logfile of random's system information tool 1.05 2009-01-05 20:01:21

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus-->C:\Program Files\Azureus\Uninstall.exe
biolsp patch-->MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEE20FE8-0F28-46C9-BAE9-869645B76412}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ESPRX600 Operation Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX600\COPY_G\DOCUNINS.EXE
ESPRX600 Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX600\REF_G\DOCUNINS.EXE
ESPRX600 Software Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX600\PQU_G\DOCUNINS.EXE
ETS Upgrade-->C:\Program Files\InstallShield Installation Information\{72FECEA1-E87F-4192-89FA-D0FBF92885BB}\setup.exe -runfromtemp -l0x0409
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
GameSpy Comrade-->MsiExec.exe /X{7C2E4E9B-0B88-48B6-B7B0-E3F3DF0A239D}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Roy\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Indago Updater-->MsiExec.exe /X{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Recovery Device Drivers-->C:\WINDOWS\pbmp3\unins000.exe
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NTRU TCG Software Stack-->MsiExec.exe /I{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}
O2Micro USB Smart Card Reader-->MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Sony Ericsson PC Suite 4.005.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
tsp patch-->MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wave Infrastructure Installer-->MsiExec.exe /I{D31F958E-7353-4DEB-83E8-35B02F2EE20A}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Wayfinder MapLoader-->MsiExec.exe /I{40E205F9-47BD-4735-92E9-B9DE5ED627E8}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pbadrv_40CD90DE1AD5BDAF5E2676750520DB94FDE3886E\pbadrv.inf
Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\netw5x32_5D7B92042B0668A3105D65D65A89588D68A8CADD\netw5x32.inf
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.inf
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090105-0]
AV: McAfee VirusScan Enterprise (disabled)

System event log

Computer Name: DJ90C33J
Event Code: 3005
Message: Windows Defender Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {84C317D6-00D5-4A05-8FF3-594C2968F753}

User: DJ90C33J\Roy

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Alert Type: Unclassified software

Action: Ignore

Record Number: 34041
Source Name: WinDefend
Time Written: 20081226190542.000000+000
Event Type: information
User:

Computer Name: DJ90C33J
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {84C317D6-00D5-4A05-8FF3-594C2968F753}

User: DJ90C33J\Roy

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: clsid:HKLM\SOFTWARE\CLASSES\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D};regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D};regkey:HKLM\SOFTWARE\CLASSES\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D};bho:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D};file:C:\WINDOWS\system32\tyshb36rfjdf.dll

Alert Type: Unclassified software

Detection Type:

Record Number: 34040
Source Name: WinDefend
Time Written: 20081226190542.000000+000
Event Type: warning
User:

Computer Name: DJ90C33J
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{4356CD92-C471-4417-815F-ACC607167F93} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 34039
Source Name: Tcpip
Time Written: 20081226144004.000000+000
Event Type: information
User:

Computer Name: DJ90C33J
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {2B8FF6BF-B72C-457A-8DFF-AFB75C8040BC}

User: DJ90C33J\Roy

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: clsid:HKLM\SOFTWARE\CLASSES\CLSID\{3841DB32-578B-412E-B22F-0EA8254B654D};regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3841DB32-578B-412E-B22F-0EA8254B654D};regkey:HKLM\SOFTWARE\CLASSES\CLSID\{3841DB32-578B-412E-B22F-0EA8254B654D};bho:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3841DB32-578B-412E-B22F-0EA8254B654D};file:C:\WINDOWS\system32\iifddcaW.dll

Alert Type: Unclassified software

Detection Type:

Record Number: 34038
Source Name: WinDefend
Time Written: 20081226142427.000000+000
Event Type: warning
User:

Computer Name: DJ90C33J
Event Code: 3005
Message: Windows Defender Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {82A39A63-887C-41A5-B79E-09F2B36D4686}

User: DJ90C33J\Roy

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Alert Type: Unclassified software

Action: Ignore

Record Number: 34037
Source Name: WinDefend
Time Written: 20081226142425.000000+000
Event Type: information
User:

Application event log

Computer Name: DJ90C33J
Event Code: 2444
Message: MS DTC started with the following settings:

Security Configuration (OFF = 0 and ON = 1): Network Administration of Transactions = 0, Network Clients = 0, Inbound Distributed Transactions using Native MSDTC Protocol = 0, Outbound Distributed Transactions using Native MSDTC Protocol = 0, Transaction Internet Protocol (TIP) = 0, XA Transactions = 0
Record Number: 50266
Source Name: MSDTC
Time Written: 20081217164630.000000+000
Event Type: information
User:

Computer Name: DJ90C33J
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 50265
Source Name: SecurityCenter
Time Written: 20081217164612.000000+000
Event Type: information
User:

Computer Name: DJ90C33J
Event Code: 5000
Message: McShield service started.

Engine version : 5300.2777

DAT version : 5466.0000



Number of signatures in EXTRA.DAT : None

Names of threats that EXTRA.DAT can detect : None

Record Number: 50264
Source Name: McLogEvent
Time Written: 20081217164606.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DJ90C33J
Event Code: 1
Message: Service started

Record Number: 50263
Source Name: sprtsvc_dellsupportcenter
Time Written: 20081217164558.000000+000
Event Type: information
User:

Computer Name: DJ90C33J
Event Code: 0
Message:
Record Number: 50262
Source Name: RegSrvc
Time Written: 20081217164557.000000+000
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 05 January 2009 - 03:24 PM

And finally the attached GMER file

Thanks!!!

Attached Files

  • Attached File  GMER.txt   511.78KB   2 downloads


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 05 January 2009 - 03:30 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 06 January 2009 - 03:10 PM

This is the Combofix log

ComboFix 09-01-05.05 - Roy 2009-01-06 19:54:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1359 [GMT 0:00]
Running from: c:\documents and settings\Roy\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090106-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\igxbcmas.ini
c:\windows\system32\jrhdqvwo.ini
c:\windows\system32\jtvrblnp.ini
c:\windows\system32\nbwygkev.ini
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qarkqujg.ini
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\vpbhbqah.ini
c:\windows\system32\wpcap.dll
c:\windows\system32\x64
c:\windows\system32\xmyksypm.ini
c:\windows\system32\yvngagan.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_NPF
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-05 20:02 . 2009-01-05 20:02 250 --a------ c:\windows\gmer.ini
2009-01-05 19:59 . 2009-01-05 20:01 <DIR> d-------- C:\rsit
2009-01-05 19:13 . 2009-01-05 19:13 <DIR> d--h----- c:\windows\PIF
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\documents and settings\Roy\Application Data\Malwarebytes
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 19:07 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 19:07 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 18:39 . 2009-01-05 18:39 33,832 --a------ c:\windows\system32\qoqhwgej.exe
2009-01-03 23:51 . 2009-01-03 23:51 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-03 23:51 . 2009-01-03 23:51 1,409 --a------ c:\windows\QTFont.for
2009-01-03 23:36 . 2009-01-03 23:36 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-03 23:36 . 2009-01-03 23:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-01-03 23:35 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-03 23:22 . 2009-01-03 23:22 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-01-03 23:22 . 2009-01-03 23:22 22,368 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-01-03 23:22 . 2009-01-03 23:22 10,976 --a------ c:\windows\system32\drivers\ggflt.sys
2008-12-26 15:22 . 2009-01-06 16:53 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-24 17:25 . 2008-12-24 17:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 20:22 . 2008-08-30 00:53 151,552 --a------ c:\windows\system32\securenet.dll
2008-12-15 20:55 . 2008-12-15 20:55 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-12-15 20:54 . 2008-12-15 20:54 <DIR> d-------- c:\program files\Sony
2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- c:\program files\Avanquest update
2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-15 20:49 . 2008-06-04 06:34 122,024 --a------ c:\windows\system32\drivers\s1018mdm.sys
2008-12-15 20:49 . 2008-06-04 06:34 117,544 --a------ c:\windows\system32\drivers\s1018unic.sys
2008-12-15 20:49 . 2008-06-04 06:34 115,368 --a------ c:\windows\system32\drivers\s1018mgmt.sys
2008-12-15 20:49 . 2008-06-04 06:34 111,784 --a------ c:\windows\system32\drivers\s1018obex.sys
2008-12-15 20:49 . 2008-06-04 06:34 90,408 --a------ c:\windows\system32\drivers\s1018bus.sys
2008-12-15 20:49 . 2008-06-04 06:34 25,768 --a------ c:\windows\system32\drivers\s1018nd5.sys
2008-12-15 20:49 . 2008-06-04 06:34 15,016 --a------ c:\windows\system32\drivers\s1018mdfl.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018whnt.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018wh.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cmnt.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cm.sys
2008-12-15 20:49 . 2008-06-04 06:34 10,792 --a------ c:\windows\system32\drivers\s1018cr.sys
2008-12-15 20:48 . 2009-01-03 23:21 <DIR> d-------- c:\program files\Sony Ericsson
2008-12-15 20:48 . 2008-12-15 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-12-08 19:07 . 2008-12-08 19:07 <DIR> d-------- c:\program files\Wayfinder MapLoader
2008-12-08 19:07 . 2008-12-08 19:07 <DIR> d-------- c:\program files\MAKEMSI Package Documentation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 19:57 --------- d-----w c:\documents and settings\Roy\Application Data\Wave Systems Corp
2009-01-06 19:24 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-31 18:38 --------- d-----w c:\documents and settings\Roy\Application Data\Azureus
2008-12-26 14:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-25 16:55 --------- d-----w c:\documents and settings\Guest\Application Data\Wave Systems Corp
2008-12-24 17:25 --------- d-----w c:\program files\Java
2008-12-15 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 21:12 4,040,627 ----a-w c:\windows\screensaver_2.SCR
2008-12-03 21:12 --------- d-----w c:\documents and settings\Roy\Application Data\iScreensaver
2008-11-27 20:00 --------- d-----w c:\documents and settings\Roy\Application Data\Nullriver
2008-11-17 21:21 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-27 50688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2008-07-10 19:13 1191936 c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 16:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Indago Updater\\IndagoUpdater.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-13 111184]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [2008-02-02 372480]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-12-29 33792]
R4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-13 20560]
R4 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys [2008-02-02 19840]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R4 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-08-11 5120]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 cglptnt;cglptnt;\??\c:\documents and settings\Roy\Desktop\TOTAL COMMANDER\cglptnt.sys --> c:\documents and settings\Roy\Desktop\TOTAL COMMANDER\cglptnt.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-12-08 17149]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-01-03 10976]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-12-15 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-12-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-12-15 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-12-15 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-12-15 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-12-15 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-12-15 117544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3611703a-a8dc-11dc-9419-0013e873b21f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7fc7c3-9229-11dc-93e7-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61501ab-031a-11dd-956b-0013e873b21f}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\ciaewuay.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NudgeMania - c:\program files\NudgeMania\NudgeMania.exe
Notify-khfDwuuT - khfDwuuT.dll


.
------- Supplementary Scan -------
.
uStart Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\jp7wrgs4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 19:59:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\drivers\bwcsrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2009-01-06 20:02:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 20:02:32

Pre-Run: 41,850,302,464 bytes free
Post-Run: 41,761,263,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

265 --- E O F --- 2008-12-22 18:19:25

#10 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 06 January 2009 - 03:11 PM

The new Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:25, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Roy\My Documents\Hari\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=1070827
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194987886788
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{4356CD92-C471-4417-815F-ACC607167F93}: NameServer = 192.168.0.1
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 12446 bytes


Thanks!

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 07 January 2009 - 01:50 AM

Please show hidden files and folders

Find and delete these files manually..

c:\windows\Tasks\ciaewuay.job
c:\windows\system32\qoqhwgej.exe




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me ESET Online Scanner result and tell me about your computer behaviour :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 07 January 2009 - 02:24 PM

Heres the log file from Eset

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3747 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=b2ba8664bba09d4097efebee03bb004d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-07 05:08:46
# local_time=2009-01-07 05:08:46 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=395607
# found=0
# scan_time=2067


About an hour after the scan I kept getting popups from avast saying theres a trojan in 'C:\Documents and Settings\Roy\Local Settings\temp' and popups from websites keep appearing and my system has slowed down so I thought to send you a new hijackthis log in the next post. Thanks for your time so far.

#13 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 07 January 2009 - 02:27 PM

Heres the new hijackthis log (just in case you ask for it in your next post)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:19, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\prunnet.exe
C:\Documents and Settings\Roy\My Documents\Hari\hijackthis stuff\HiJackThis.exe
C:\Documents and Settings\Roy\My Documents\Hari\hijackthis stuff\Roy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=1070827
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194987886788
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{4356CD92-C471-4417-815F-ACC607167F93}: NameServer = 192.168.0.1
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 12712 bytes

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 08 January 2009 - 12:58 AM

You get reinfected.. Delete your version of ComboFix and download a fresh one from below.. Run it and post the log in your next reply..


Link 1
Link 2
Link 3


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 daddar

daddar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 09 January 2009 - 04:21 PM

This is the new log from ComboFix

ComboFix 09-01-08.05 - Roy 2009-01-09 21:08:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1429 [GMT 0:00]
Running from: c:\documents and settings\Roy\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-07 16:36 . 2009-01-07 16:36 <DIR> d-------- c:\program files\RAR Password Cracker
2009-01-07 16:27 . 2009-01-07 19:34 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-05 20:02 . 2009-01-07 19:26 250 --a------ c:\windows\gmer.ini
2009-01-05 19:59 . 2009-01-05 20:01 <DIR> d-------- C:\rsit
2009-01-05 19:13 . 2009-01-05 19:13 <DIR> d--h----- c:\windows\PIF
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\documents and settings\Roy\Application Data\Malwarebytes
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 19:07 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 19:07 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 23:51 . 2009-01-07 20:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-03 23:51 . 2009-01-03 23:51 1,409 --a------ c:\windows\QTFont.for
2009-01-03 23:36 . 2009-01-03 23:36 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-03 23:36 . 2009-01-03 23:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-01-03 23:35 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-03 23:22 . 2009-01-03 23:22 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-01-03 23:22 . 2009-01-03 23:22 22,368 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-01-03 23:22 . 2009-01-03 23:22 10,976 --a------ c:\windows\system32\drivers\ggflt.sys
2008-12-26 15:22 . 2009-01-09 21:09 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-24 17:25 . 2008-12-24 17:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 20:22 . 2008-08-30 00:53 151,552 --a------ c:\windows\system32\securenet.dll
2008-12-15 20:55 . 2008-12-15 20:55 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-12-15 20:54 . 2008-12-15 20:54 <DIR> d-------- c:\program files\Sony
2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- c:\program files\Avanquest update
2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-15 20:49 . 2008-06-04 06:34 122,024 --a------ c:\windows\system32\drivers\s1018mdm.sys
2008-12-15 20:49 . 2008-06-04 06:34 117,544 --a------ c:\windows\system32\drivers\s1018unic.sys
2008-12-15 20:49 . 2008-06-04 06:34 115,368 --a------ c:\windows\system32\drivers\s1018mgmt.sys
2008-12-15 20:49 . 2008-06-04 06:34 111,784 --a------ c:\windows\system32\drivers\s1018obex.sys
2008-12-15 20:49 . 2008-06-04 06:34 90,408 --a------ c:\windows\system32\drivers\s1018bus.sys
2008-12-15 20:49 . 2008-06-04 06:34 25,768 --a------ c:\windows\system32\drivers\s1018nd5.sys
2008-12-15 20:49 . 2008-06-04 06:34 15,016 --a------ c:\windows\system32\drivers\s1018mdfl.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018whnt.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018wh.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cmnt.sys
2008-12-15 20:49 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cm.sys
2008-12-15 20:49 . 2008-06-04 06:34 10,792 --a------ c:\windows\system32\drivers\s1018cr.sys
2008-12-15 20:48 . 2009-01-03 23:21 <DIR> d-------- c:\program files\Sony Ericsson
2008-12-15 20:48 . 2008-12-15 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 21:13 --------- d-----w c:\documents and settings\Roy\Application Data\Wave Systems Corp
2009-01-07 22:13 --------- d-----w c:\documents and settings\Roy\Application Data\Azureus
2009-01-06 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 19:24 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-26 14:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-25 17:24 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2008-12-25 16:55 --------- d-----w c:\documents and settings\Guest\Application Data\Wave Systems Corp
2008-12-24 17:25 --------- d-----w c:\program files\Java
2008-12-15 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 19:07 --------- d-----w c:\program files\Wayfinder MapLoader
2008-12-08 19:07 --------- d-----w c:\program files\MAKEMSI Package Documentation
2008-12-03 21:12 4,040,627 ----a-w c:\windows\screensaver_2.SCR
2008-12-03 21:12 --------- d-----w c:\documents and settings\Roy\Application Data\iScreensaver
2008-11-27 20:00 --------- d-----w c:\documents and settings\Roy\Application Data\Nullriver
2008-11-17 21:21 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_20.01.38.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 15:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 15:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 20:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 13:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2007-08-02 18:11:28 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-02 18:11:14 241,664 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 13:17:40 19,456 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 11:10:34 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 11:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
+ 2009-01-09 21:12:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2009-01-09 21:14:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d90.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NudgeMania"="c:\program files\NudgeMania\NudgeMania.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-27 50688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2008-07-10 19:13 1191936 c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 16:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"NudgeMania"=c:\program files\NudgeMania\NudgeMania.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Indago Updater\\IndagoUpdater.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-13 111184]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [2008-02-02 372480]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-12-29 33792]
R4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-13 20560]
R4 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys [2008-02-02 19840]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R4 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-08-11 5120]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 cglptnt;cglptnt;\??\c:\documents and settings\Roy\Desktop\TOTAL COMMANDER\cglptnt.sys --> c:\documents and settings\Roy\Desktop\TOTAL COMMANDER\cglptnt.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-12-08 17149]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-01-03 10976]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-12-15 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-12-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-12-15 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-12-15 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-12-15 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-12-15 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-12-15 117544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3611703a-a8dc-11dc-9419-0013e873b21f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7fc7c3-9229-11dc-93e7-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61501ab-031a-11dd-956b-0013e873b21f}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070827
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\jp7wrgs4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 21:15:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\windows\system32\drivers\bwcsrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2009-01-09 21:17:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-09 21:17:41
ComboFix2.txt 2009-01-06 20:02:36

Pre-Run: 45,289,181,184 bytes free
Post-Run: 45,269,766,144 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
249 --- E O F --- 2008-12-22 18:19:25


Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users