Virtumonde


  • This topic is locked
19 replies to this topic

#1 Manoel

Manoel

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 05 January 2009 - 12:35 AM

Hello and thank you for taking the time to read this entry.
First off, I'm for the most part knowledgeable about computers and how they work, and I can understand any jargon written back in response, so don't constrain your vocabulary.
This is what I know:
1. My browser is hijacked. I know this because every time I do a Google search and hover the mouse over a link, the status bar shows a URL like go.google.com/*
2. Most anti-virus websites are automatically blocked, e.g. www.avg.com, www.kapersky.com, and most importantly update.windows.com. Even BC is blocked; as of this moment I am using a proxy to access this website and write this message. I don't know what that may signify, but that's how I'm circumventing the block.
3. Explorer.exe, rundll.exe and winlogon.exe are modified to start up with these bullbleep DLLs and BHOs that bleep my bleep up.
4. Spybot, ComboFix and SDFix are all closed automatically when I try to run them.
5. New DLLs are made all the time and are constantly attempting to run; only Kaspersky has been able to stop the spreading.
6. When I run Ad-Aware 2008 it shows only 5 critical objects, all Virtumonde registry entries, which constantly reappear.

Thank you again.

PS.
For some reason I cannot post my attach.txt file to this post. I will save it in case it is needed.

DDS (Version 1.1.0) - NTFSx86
Run by Manoel Test at 0:10:23.81 on Mon 01/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.503 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Manoel Test\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com
BHO: {eadda87d-d6e6-bc18-0d04-9f5ece0854f1}: {1f4580ec-e5f9-40d0-81cb-6e6dd78addae} - c:\windows\system32\ddjvoj.dll
BHO: {234ed267-bfee-4c12-9845-e97aaabf3ffc} - c:\windows\system32\yiriyidi.dll
BHO: {3CBD984C-A55C-46E6-97F8-D3676DAC5D5D} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {A56A80BD-F9FE-4D82-887C-595AF1A7A794} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E71D3FB0-2631-4214-A4DA-7FB867622029} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f3a3093f-a665-4b49-aa22-c8f4013a6b3e} - c:\windows\system32\ljJASlLf.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [vutukoboze] Rundll32.exe "c:\windows\system32\gezonawo.dll",s
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\biolsp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: jkkLffeb - jkkLffeb.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth c:\windows\system32\ljJASlLf
LSA: Notification Packages = scecli c:\windows\system32\kagohaku.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-4-28 110360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 26824]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-6-27 186640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-27 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 76040]
R4 AVP;Kaspersky Internet Security 7.0;c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe [2007-6-28 218376]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]

=============== Created Last 30 ================

2009-01-04 09:10 1,262,075 ---sh--- c:\windows\system32\igilumun.ini
2009-01-04 00:40 <DIR> --d----- c:\docume~1\manoel~1\applic~1\AVGTOOLBAR
2009-01-04 00:35 <DIR> --d----- c:\docume~1\manoel~1\applic~1\Wave Systems Corp
2009-01-04 00:35 <DIR> --d----- c:\documents and settings\Manoel Test
2009-01-04 00:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-04 00:06 <DIR> --d----- c:\program files\Tudou
2009-01-03 21:57 82,258 a------- c:\windows\system32\drivers\klin.dat
2009-01-03 21:57 82,258 a------- c:\windows\system32\drivers\klick.dat
2009-01-03 21:56 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-03 21:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-03 21:55 503,584 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-03 21:55 5,920 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-03 21:55 1,124 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-03 21:55 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-03 21:54 <DIR> --d----- C:\KAV
2009-01-03 14:07 1,262,075 ---sh--- c:\windows\system32\awupewaj.ini
2009-01-03 02:07 120 ---sh--- c:\windows\system32\okajejaf.ini
2009-01-02 14:15 1,307,949 ---sh--- c:\windows\system32\wfnuvnvv.ini
2009-01-02 14:15 89,600 a------- c:\windows\system32\vvnvunfw.dll
2009-01-02 14:09 134,144 a------- c:\windows\system32\ddjvoj.dll
2009-01-02 14:09 134,144 a------- c:\windows\system32\pqxocmye.dll
2009-01-02 14:08 1,262,640 ---sh--- c:\windows\system32\usuhavas.ini
2009-01-01 13:22 1,262,640 ---sh--- c:\windows\system32\oturujud.ini
2009-01-01 01:22 1,262,640 ---sh--- c:\windows\system32\aduripaf.ini
2008-12-31 13:22 1,262,640 ---sh--- c:\windows\system32\egeturit.ini
2008-12-31 01:22 1,262,640 ---sh--- c:\windows\system32\ebumadif.ini
2008-12-30 13:22 1,262,640 ---sh--- c:\windows\system32\ijiwuboy.ini
2008-12-30 00:29 <DIR> --d----- c:\program files\FlashGet
2008-12-30 00:22 1,262,642 ---sh--- c:\windows\system32\atusagil.ini
2008-12-30 00:16 60,416 a------- c:\windows\system32\~.exe
2008-12-29 22:43 <DIR> --d----- C:\VundoFix Backups
2008-12-29 19:50 131,584 a------- c:\windows\system32\xkqaqb.dll
2008-12-29 19:50 131,584 a------- c:\windows\system32\hggugmwy.dll
2008-12-29 19:48 <DIR> --d----- C:\dsbuff
2008-12-29 19:47 1,307,943 ---sh--- c:\windows\system32\oxxiqykq.ini
2008-12-29 19:01 <DIR> --d----- C:\dslazy
2008-12-28 19:49 139,264 a------- c:\windows\system32\jtgjtn.dll
2008-12-28 19:49 139,264 a------- c:\windows\system32\xhiyonfi.dll
2008-12-28 19:46 1,306,974 ---sh--- c:\windows\system32\erheawah.ini
2008-12-28 19:46 90,112 a------- c:\windows\system32\hawaehre.dll
2008-12-28 19:30 <DIR> --d----- c:\program files\Spybot - Search & Destroy 3
2008-12-28 13:55 552 a------- c:\windows\system32\d3d8caps.dat
2008-12-28 13:30 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-28 01:44 389,120 a------- c:\windows\system32\CF10616.exe
2008-12-28 01:44 389,120 a------- c:\windows\system32\CF10606.exe
2008-12-28 01:01 <DIR> --d----- c:\program files\Lavasoft
2008-12-28 01:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-28 00:24 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 23:36 <DIR> --d----- c:\program files\Safer Networking
2008-12-27 22:56 <DIR> --d----- c:\program files\Smart PC Solutions
2008-12-27 22:45 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-27 22:45 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-27 22:45 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-27 22:45 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-27 22:45 <DIR> --d----- c:\program files\AVG
2008-12-27 22:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-27 22:28 <DIR> --d----- c:\program files\FirefoxPortableTest
2008-12-27 17:18 1,306,984 ---sh--- c:\windows\system32\gkpkibwq.ini
2008-12-27 17:18 83,456 a------- c:\windows\system32\qwbikpkg.dll
2008-12-27 17:15 134,656 a------- c:\windows\system32\wfwewc.dll
2008-12-27 17:15 134,656 a------- c:\windows\system32\jvbnogfv.dll
2008-12-27 17:02 143 a------- c:\windows\system32\mcrh.tmp
2008-12-27 16:11 <DIR> --d----- c:\windows\pss
2008-12-26 23:41 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-26 01:32 135,680 a------- c:\windows\system32\wasgkp.dll
2008-12-26 01:32 135,680 a------- c:\windows\system32\kyuhfyja.dll
2008-12-26 01:29 1,661,209 ---sh--- c:\windows\system32\dhsnqttu.ini
2008-12-26 01:29 89,600 a------- c:\windows\system32\uttqnshd.dll
2008-12-25 18:43 <DIR> --d----- c:\program files\iPod
2008-12-25 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 18:42 <DIR> --d----- c:\program files\iTunes
2008-12-25 18:33 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-25 01:31 1,661,209 ---sh--- c:\windows\system32\quockddx.ini
2008-12-25 01:31 85,504 a------- c:\windows\system32\xddkcouq.dll
2008-12-25 01:25 134,656 a------- c:\windows\system32\jshntk.dll
2008-12-25 01:25 134,656 a------- c:\windows\system32\rvxoxdfe.dll
2008-12-25 01:23 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-25 01:23 134,149 a------- c:\windows\reged.exe
2008-12-25 01:23 51,197 a------- c:\windows\spoolsystem.exe
2008-12-25 01:23 50,620 a------- c:\windows\sys.com
2008-12-25 01:23 47,872 a------- c:\windows\syscert.exe
2008-12-25 01:23 18,941 a------- c:\windows\vmreg.dll
2008-12-25 01:23 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-25 01:22 29,189 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2008-12-24 01:17 1,661,209 ---sh--- c:\windows\system32\jbjtpges.ini
2008-12-24 01:17 88,576 a------- c:\windows\system32\segptjbj.dll
2008-12-24 01:14 136,192 a------- c:\windows\system32\muxqft.dll
2008-12-24 01:14 136,192 a------- c:\windows\system32\xwkalhbr.dll
2008-12-23 17:24 675,742 a--sh--- c:\windows\system32\fLlSAJjl.ini2
2008-12-23 17:24 675,742 a--sh--- c:\windows\system32\fLlSAJjl.ini
2008-12-23 17:24 292,864 a------- c:\windows\system32\ljJASlLf.dll
2008-12-23 17:19 45,056 a------- c:\windows\system32\ddcDvssQ.dll
2008-12-23 17:19 58,880 a------- c:\windows\system32\jkkLffeb.dll
2008-12-23 17:19 70,656 a------- c:\windows\system32\prunnet.exe

==================== Find3M ====================

2009-01-04 23:24 29,427 a------- c:\windows\system32\nvModes.dat
2009-01-04 09:01 89,304 a--sh--- c:\windows\system32\numuligi.dll
2009-01-03 14:06 92,435 a--sh--- c:\windows\system32\jawepuwa.dll
2009-01-02 14:08 89,160 -------- c:\windows\system32\savahusu.dll
2009-01-02 14:08 69,970 a--sh--- c:\windows\system32\lokudeti.dll
2009-01-01 13:22 84,542 -------- c:\windows\system32\dujuruto.dll
2009-01-01 01:22 84,590 -------- c:\windows\system32\fapiruda.dll
2008-12-30 12:22 61,583 a--sh--- c:\windows\system32\keyutova.dll
2008-12-30 00:22 85,107 -------- c:\windows\system32\ligasuta.dll
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
0000-00-00 00:00 69,970 a--sh--- c:\windows\system32\gezonawo.dll
0000-00-00 00:00 69,970 a--sh--- c:\windows\system32\kagohaku.dll
0000-00-00 00:00 69,970 a--sh--- c:\windows\system32\yiriyidi.dll

============= FINISH: 0:20:15.68 ===============


#2 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 05 January 2009 - 01:24 AM

Also, I noted that when I attempt to run ComboFix from the desktop, it fails to open, just like Spybot. But if I go Start Menu > Run > ComboFix, I get a dialogue box asking to open a copy of ComboFix in my user's temporary docs. When I run it I get the small ComboFix startup bar, then it disappears and 10 seconds later I get a message:
Error:
You cannot rename Combofix as ComboFix[1]
Please use another name preferably made up of alphanumeric characters

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 05 January 2009 - 05:49 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, save it and attach it in this thread.


Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 05 January 2009 - 11:16 PM

I was unable to run Malwarebytes' Anti-Malware because the installer was terminated as it started; the same goes for Spybot.

Log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Manoel Test at 2009-01-05 23:10:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (46%) free of 114 GB
Total RAM: 1022 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:54 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Manoel Test\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\mbam-setup.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Manoel Test\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Manoel Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: {eadda87d-d6e6-bc18-0d04-9f5ece0854f1} - {1f4580ec-e5f9-40d0-81cb-6e6dd78addae} - C:\WINDOWS\system32\ddjvoj.dll
O2 - BHO: (no name) - {234ed267-bfee-4c12-9845-e97aaabf3ffc} - C:\WINDOWS\system32\yiriyidi.dll
O2 - BHO: (no name) - {3CBD984C-A55C-46E6-97F8-D3676DAC5D5D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkLffeb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A56A80BD-F9FE-4D82-887C-595AF1A7A794} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E71D3FB0-2631-4214-A4DA-7FB867622029} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F8BC8232-A91C-4D50-A642-6362C3DB0C2F} - C:\WINDOWS\system32\ljJASlLf.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [vutukoboze] Rundll32.exe "C:\WINDOWS\system32\gezonawo.dll",s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: jkkLffeb - C:\WINDOWS\SYSTEM32\jkkLffeb.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7655 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\kfhrruql.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f4580ec-e5f9-40d0-81cb-6e6dd78addae}]
C:\WINDOWS\system32\ddjvoj.dll [2009-01-02 134144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{234ed267-bfee-4c12-9845-e97aaabf3ffc}]
C:\WINDOWS\system32\yiriyidi.dll [65535-65535-31889 69970]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CBD984C-A55C-46E6-97F8-D3676DAC5D5D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\jkkLffeb.dll [2008-12-23 58880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-27 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A56A80BD-F9FE-4D82-887C-595AF1A7A794}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E71D3FB0-2631-4214-A4DA-7FB867622029}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8BC8232-A91C-4D50-A642-6362C3DB0C2F}]
C:\WINDOWS\system32\ljJASlLf.dll [2008-12-23 292864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-27 2055960]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll []
"vutukoboze"=C:\WINDOWS\system32\gezonawo.dll [65535-65535-31889 69970]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2006-11-22 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
C:\WINDOWS\system32\nvHotkey.dll [2006-01-19 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Installer]
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe [2008-03-18 984616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emily^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkLffeb]
C:\WINDOWS\system32\jkkLffeb.dll [2008-12-23 58880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\jkkLffeb.dll [2008-12-23 58880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
C:\WINDOWS\system32\ljJASlLf
"notification packages"=scecli
C:\WINDOWS\system32\kagohaku.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\wowclient-downloader[1].exe"="C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\wowclient-downloader[1].exe"="C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dlbtcoms.exe"="C:\WINDOWS\system32\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\savahusu.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\fapiruda.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\dujuruto.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yiriyidi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\viyiyini.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\numuligi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lokudeti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kagohaku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jawepuwa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gezonawo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gepesiso.dll
2009-01-05 23:10:38 ----D---- C:\rsit
2009-01-05 22:38:28 ----A---- C:\WINDOWS\system32\CF23011.exe
2009-01-05 22:30:53 ----A---- C:\WINDOWS\system32\CF21542.exe
2009-01-05 22:10:21 ----A---- C:\WINDOWS\system32\CF17515.exe
2009-01-05 01:31:54 ----A---- C:\WINDOWS\system32\CF4236.exe
2009-01-05 01:20:38 ----A---- C:\WINDOWS\system32\CF2018.exe
2009-01-05 01:14:24 ----A---- C:\WINDOWS\system32\CF826.exe
2009-01-05 01:00:28 ----A---- C:\WINDOWS\system32\CF30858.exe
2009-01-05 00:59:14 ----A---- C:\WINDOWS\system32\CF30626.exe
2009-01-05 00:57:48 ----A---- C:\WINDOWS\system32\CF30316.exe
2009-01-05 00:54:14 ----A---- C:\WINDOWS\system32\CF29620.exe
2009-01-05 00:51:21 ----D---- C:\Documents and Settings\Manoel Test\Application Data\WinRAR
2009-01-04 09:10:28 ----SH---- C:\WINDOWS\system32\igilumun.ini
2009-01-04 00:51:38 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Macromedia
2009-01-04 00:51:35 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Adobe
2009-01-04 00:47:23 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Opera
2009-01-04 00:40:36 ----D---- C:\Documents and Settings\Manoel Test\Application Data\AVGTOOLBAR
2009-01-04 00:35:35 ----ASH---- C:\Documents and Settings\Manoel Test\Application Data\desktop.ini
2009-01-04 00:35:33 ----SD---- C:\Documents and Settings\Manoel Test\Application Data\Microsoft
2009-01-04 00:35:33 ----HD---- C:\Documents and Settings\Manoel Test\Application Data\Gtek
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Wave Systems Corp
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\InstallShield
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Identities
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\java.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-04 00:06:14 ----D---- C:\Program Files\Tudou
2009-01-03 21:56:00 ----D---- C:\Program Files\Kaspersky Lab
2009-01-03 21:56:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-03 21:54:41 ----D---- C:\KAV
2009-01-03 14:07:02 ----SH---- C:\WINDOWS\system32\awupewaj.ini
2009-01-03 02:07:16 ----SH---- C:\WINDOWS\system32\okajejaf.ini
2009-01-02 14:50:16 ----D---- C:\Program Files\Opera
2009-01-02 14:15:33 ----SH---- C:\WINDOWS\system32\wfnuvnvv.ini
2009-01-02 14:15:32 ----A---- C:\WINDOWS\system32\vvnvunfw.dll
2009-01-02 14:09:35 ----A---- C:\WINDOWS\system32\ddjvoj.dll
2009-01-02 14:09:34 ----A---- C:\WINDOWS\system32\pqxocmye.dll
2009-01-02 14:08:12 ----SH---- C:\WINDOWS\system32\usuhavas.ini
2009-01-01 13:22:54 ----SH---- C:\WINDOWS\system32\oturujud.ini
2009-01-01 01:22:52 ----SH---- C:\WINDOWS\system32\aduripaf.ini
2008-12-31 13:22:51 ----SH---- C:\WINDOWS\system32\egeturit.ini
2008-12-31 01:22:50 ----SH---- C:\WINDOWS\system32\ebumadif.ini
2008-12-30 13:22:38 ----SH---- C:\WINDOWS\system32\ijiwuboy.ini
2008-12-30 00:29:38 ----D---- C:\Program Files\FlashGet
2008-12-30 00:22:19 ----SH---- C:\WINDOWS\system32\atusagil.ini
2008-12-30 00:16:18 ----A---- C:\WINDOWS\system32\~.exe
2008-12-29 22:43:42 ----D---- C:\VundoFix Backups
2008-12-29 22:43:42 ----A---- C:\VundoFix.txt
2008-12-29 19:50:15 ----A---- C:\WINDOWS\system32\xkqaqb.dll
2008-12-29 19:50:10 ----A---- C:\WINDOWS\system32\hggugmwy.dll
2008-12-29 19:48:35 ----D---- C:\dsbuff
2008-12-29 19:47:15 ----SH---- C:\WINDOWS\system32\oxxiqykq.ini
2008-12-29 19:01:30 ----D---- C:\dslazy
2008-12-28 19:49:49 ----A---- C:\WINDOWS\system32\jtgjtn.dll
2008-12-28 19:49:48 ----A---- C:\WINDOWS\system32\xhiyonfi.dll
2008-12-28 19:46:05 ----SH---- C:\WINDOWS\system32\erheawah.ini
2008-12-28 19:46:01 ----A---- C:\WINDOWS\system32\hawaehre.dll
2008-12-28 19:30:09 ----D---- C:\Program Files\Spybot - Search & Destroy 3
2008-12-28 13:30:58 ----HD---- C:\$AVG8.VAULT$
2008-12-28 01:44:38 ----A---- C:\WINDOWS\system32\CF10616.exe
2008-12-28 01:44:37 ----A---- C:\WINDOWS\system32\CF10606.exe
2008-12-28 01:44:14 ----A---- C:\Bug.txt
2008-12-28 01:01:15 ----D---- C:\Program Files\Lavasoft
2008-12-28 01:00:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-28 00:24:32 ----D---- C:\Program Files\Trend Micro
2008-12-27 23:36:30 ----D---- C:\Program Files\Safer Networking
2008-12-27 22:45:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-27 22:45:10 ----D---- C:\Program Files\AVG
2008-12-27 22:45:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-27 22:32:53 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-27 22:28:43 ----D---- C:\Program Files\FirefoxPortableTest
2008-12-27 17:18:07 ----SH---- C:\WINDOWS\system32\gkpkibwq.ini
2008-12-27 17:18:02 ----A---- C:\WINDOWS\system32\qwbikpkg.dll
2008-12-27 17:15:02 ----A---- C:\WINDOWS\system32\wfwewc.dll
2008-12-27 17:15:01 ----A---- C:\WINDOWS\system32\jvbnogfv.dll
2008-12-27 17:02:49 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-27 16:11:11 ----D---- C:\WINDOWS\pss
2008-12-26 23:41:41 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-26 23:37:17 ----SHD---- C:\WINDOWS\CSC
2008-12-26 23:36:54 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-26 01:32:07 ----A---- C:\WINDOWS\system32\wasgkp.dll
2008-12-26 01:32:07 ----A---- C:\WINDOWS\system32\kyuhfyja.dll
2008-12-26 01:29:11 ----SH---- C:\WINDOWS\system32\dhsnqttu.ini
2008-12-26 01:29:07 ----A---- C:\WINDOWS\system32\uttqnshd.dll
2008-12-25 18:43:02 ----D---- C:\Program Files\iPod
2008-12-25 18:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 18:42:51 ----D---- C:\Program Files\iTunes
2008-12-25 18:37:49 ----D---- C:\Program Files\QuickTime
2008-12-25 18:34:40 ----D---- C:\Program Files\Apple Software Update
2008-12-25 01:31:28 ----SH---- C:\WINDOWS\system32\quockddx.ini
2008-12-25 01:31:25 ----A---- C:\WINDOWS\system32\xddkcouq.dll
2008-12-25 01:25:26 ----A---- C:\WINDOWS\system32\jshntk.dll
2008-12-25 01:25:25 ----A---- C:\WINDOWS\system32\rvxoxdfe.dll
2008-12-25 01:23:14 ----A---- C:\WINDOWS\vmreg.dll
2008-12-25 01:23:14 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-25 01:23:14 ----A---- C:\WINDOWS\syscert.exe
2008-12-25 01:23:14 ----A---- C:\WINDOWS\sys.com
2008-12-25 01:23:14 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-25 01:23:14 ----A---- C:\WINDOWS\reged.exe
2008-12-25 01:23:13 ----D---- C:\Program Files\Spyware Guard 2008
2008-12-25 01:22:45 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-24 01:17:22 ----SH---- C:\WINDOWS\system32\jbjtpges.ini
2008-12-24 01:17:18 ----A---- C:\WINDOWS\system32\segptjbj.dll
2008-12-24 01:14:22 ----A---- C:\WINDOWS\system32\muxqft.dll
2008-12-24 01:14:21 ----A---- C:\WINDOWS\system32\xwkalhbr.dll
2008-12-23 17:25:49 ----A---- C:\WINDOWS\system32\17ce32a2-.txt
2008-12-23 17:24:59 ----ASH---- C:\WINDOWS\system32\fLlSAJjl.ini2
2008-12-23 17:24:59 ----ASH---- C:\WINDOWS\system32\fLlSAJjl.ini
2008-12-23 17:24:54 ----A---- C:\WINDOWS\system32\ljJASlLf.dll
2008-12-23 17:19:50 ----A---- C:\WINDOWS\system32\ddcDvssQ.dll
2008-12-23 17:19:29 ----A---- C:\WINDOWS\system32\jkkLffeb.dll
2008-12-23 17:19:27 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-12-11 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-12 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-31 15:03:39 ----D---- C:\Program Files\uTorrent
2008-10-24 02:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-10 22:00:12 ----D---- C:\Program Files\PokerStars
2008-10-10 21:45:14 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-09 17:21:16 ----D---- C:\Program Files\AVI MPEG RM WMV Joiner

======List of files/folders modified in the last 3 months======

2009-01-05 23:03:07 ----D---- C:\WINDOWS\Temp
2009-01-05 23:03:07 ----D---- C:\WINDOWS\system32
2009-01-05 23:03:03 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 23:02:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 23:01:20 ----D---- C:\WINDOWS\Registration
2009-01-05 23:01:13 ----D---- C:\WINDOWS
2009-01-05 23:00:59 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-05 22:30:13 ----D---- C:\WINDOWS\Prefetch
2009-01-05 16:50:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 03:02:33 ----RD---- C:\Program Files
2009-01-05 01:54:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 01:38:44 ----D---- C:\Program Files\DivX
2009-01-05 01:07:40 ----SHD---- C:\RECYCLER
2009-01-05 00:51:57 ----D---- C:\Program Files\Java
2009-01-04 00:37:58 ----SHD---- C:\WINDOWS\Installer
2009-01-04 00:37:50 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-04 00:35:30 ----D---- C:\Documents and Settings
2009-01-03 21:56:38 ----HD---- C:\WINDOWS\inf
2008-12-30 12:22:13 ----ASH---- C:\WINDOWS\system32\keyutova.dll
2008-12-30 00:22:12 ----N---- C:\WINDOWS\system32\ligasuta.dll
2008-12-29 16:45:16 ----SHD---- C:\System Volume Information
2008-12-29 16:45:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 16:42:22 ----RASH---- C:\boot.ini
2008-12-29 16:42:22 ----A---- C:\WINDOWS\win.ini
2008-12-29 16:42:22 ----A---- C:\WINDOWS\system.ini
2008-12-29 08:50:45 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-29 08:34:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 19:44:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 01:48:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-28 01:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-28 01:00:13 ----D---- C:\Program Files\Common Files
2008-12-27 22:45:00 ----D---- C:\WINDOWS\WinSxS
2008-12-27 22:45:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-27 22:20:14 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-12-27 22:14:20 ----D---- C:\WINDOWS\network diagnostic
2008-12-27 21:43:36 ----D---- C:\Program Files\Modem Helper
2008-12-27 17:04:14 ----D---- C:\Program Files\Bonjour
2008-12-25 18:44:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-25 18:43:01 ----D---- C:\Program Files\Common Files\Apple
2008-12-25 18:35:01 ----SD---- C:\WINDOWS\Tasks
2008-12-25 18:33:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-25 01:23:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-24 01:06:46 ----D---- C:\WINDOWS\system32\config
2008-12-24 01:06:26 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 03:01:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 03:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-14 15:30:14 ----D---- C:\Program Files\dl_Cats
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 03:02:48 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 03:02:35 ----D---- C:\Program Files\Internet Explorer
2008-11-22 04:54:44 ----D---- C:\WINDOWS\Help
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-27 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-27 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-22 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTKCMOS;GTKCMOS; \??\C:\WINDOWS\system32\GTKCMOS.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 231704]
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2007-06-07 538096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-22 20480]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#5 Manoel
  • Topic Starter
  • Members
  • 13 posts

Posted 05 January 2009 - 11:17 PM

info.txt
info.txt logfile of random's system information tool 1.05 2009-01-05 23:11:02

======Uninstall list======

-->C:\Program Files\Spyware Guard 2008\uninstall.exe
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
biolsp patch-->MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Comcast Universal Installer v1.2-->MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ETS Upgrade-->C:\Program Files\InstallShield Installation Information\{72FECEA1-E87F-4192-89FA-D0FBF92885BB}\setup.exe -runfromtemp -l0x0409
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTK+ Runtime 2.12.1 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NTRU TCG Software Stack-->MsiExec.exe /I{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O2Micro USB Smart Card Reader-->MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Opera 9.63-->MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RegAlyzer (OpenSBI Edition)-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy 3\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Wave Infrastructure Installer-->MsiExec.exe /I{D31F958E-7353-4DEB-83E8-35B02F2EE20A}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pbadrv_40CD90DE1AD5BDAF5E2676750520DB94FDE3886E\pbadrv.inf
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Emily\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Emily\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free (disabled) (outdated)
AV: Kaspersky Internet Security (outdated)
FW: Kaspersky Internet Security

System event log

Computer Name: OSCARJR
Event Code: 7036
Message: The Windows CardSpace service entered the running state.

Record Number: 18638
Source Name: Service Control Manager
Time Written: 20081215034902.000000-300
Event Type: information
User:

Computer Name: OSCARJR
Event Code: 7035
Message: The Windows CardSpace service was successfully sent a start control.

Record Number: 18637
Source Name: Service Control Manager
Time Written: 20081215034902.000000-300
Event Type: information
User: OSCARJR\Emily

Computer Name: OSCARJR
Event Code: 7036
Message: The Windows CardSpace service entered the stopped state.

Record Number: 18636
Source Name: Service Control Manager
Time Written: 20081214225042.000000-300
Event Type: information
User:

Computer Name: OSCARJR
Event Code: 7035
Message: The Windows CardSpace service was successfully sent a stop control.

Record Number: 18635
Source Name: Service Control Manager
Time Written: 20081214225042.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: OSCARJR
Event Code: 7036
Message: The Windows CardSpace service entered the running state.

Record Number: 18634
Source Name: Service Control Manager
Time Written: 20081214215042.000000-300
Event Type: information
User:

Application event log

Computer Name: OSCARJR
Event Code: 2003
Message:
Record Number: 5
Source Name: EAPOL
Time Written: 20090104002436.000000-300
Event Type: information
User:

Computer Name: OSCARJR
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20090104002250.000000-300
Event Type: information
User:

Computer Name: OSCARJR
Event Code: 1
Message:
Record Number: 3
Source Name: avg8emc
Time Written: 20090104002250.000000-300
Event Type: information
User:

Computer Name: OSCARJR
Event Code: 1000
Message: Faulting application ViewpointService.exe, version 2.0.0.54, faulting module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Record Number: 2
Source Name: Application Error
Time Written: 20090104002210.000000-300
Event Type: error
User:

Computer Name: OSCARJR
Event Code: 1
Message:
Record Number: 1
Source Name: Bonjour Service
Time Written: 20090104002133.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 05 January 2009 - 11:21 PM

GMER also wouldn't run. Every time I tried to run the program it would add the exe to the processes tab, but mem usage would stall at 3,744 K and no CPU usage. There was also no GUI on screen.

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 06 January 2009 - 01:40 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 06 January 2009 - 02:09 AM

You're correct about changing the name of combofix to something else. Just before I read your most recent reply I solved *I think* my problems. I did some research on BC and saw someone recommend renaming combofix to GlobRemover.exe. I did so, and miraculously it worked.... Should have tried that before.

Anyway, combofix rebooted my computer twice, deleted a lot of rootkits and nasty DLLs.
My browser is no longer hijacked and Kaspersky doesn't flip out when explorer starts.


At the end of combofix the program starts compiling a log; I let it run for a few minutes. "Cannot find temp:01" is the error message I get.

So I ran combofix again. Works smoothly, but again, I get no log.

I just ran HJT once more and here is its log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05, on 2009-01-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 3\SpybotSD.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: {eadda87d-d6e6-bc18-0d04-9f5ece0854f1} - {1f4580ec-e5f9-40d0-81cb-6e6dd78addae} - C:\WINDOWS\system32\ddjvoj.dll (file missing)
O2 - BHO: (no name) - {234ed267-bfee-4c12-9845-e97aaabf3ffc} - C:\WINDOWS\system32\yiriyidi.dll (file missing)
O2 - BHO: (no name) - {3CBD984C-A55C-46E6-97F8-D3676DAC5D5D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A56A80BD-F9FE-4D82-887C-595AF1A7A794} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E71D3FB0-2631-4214-A4DA-7FB867622029} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F6CC33ED-DE9C-45BA-97A5-C01FE157E3FC} - C:\WINDOWS\system32\ljJASlLf.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7441 bytes

#9 Manoel


Posted 06 January 2009 - 02:42 AM

Just completed a post-ComboFix Spybot scan. It picked up a few trojans and Smitfraud.
Restarting and scanning again.

#10 fenzodahl512


Posted 06 January 2009 - 05:36 AM

Ok.. Run Malwarebytes' again as per Post #3.. Remove everything that it found and post the log here..

Then run RSIT once again and post the RSIT log.txt here in your next reply..

So, please include these two logs..

1. Malwarebytes'
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Manoel


Posted 06 January 2009 - 01:25 PM

Malwarebytes' Log
Malwarebytes' Anti-Malware 1.32
Database version: 1624
Windows 5.1.2600 Service Pack 3

2009-01-06 13:23:56
mbam-log-2009-01-06 (13-23-56).txt

Scan type: Quick Scan
Objects scanned: 70210
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 63
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08b79505-1889-43bd-ade4-c2f29f8250a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e969ae5-b82b-4163-a687-5687c516914c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f37ceff-e9ee-43ca-b39c-9c5fad4a8944} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{145cacfd-6bcf-4e74-9aea-feb0f7dc081f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1cde2a7a-4718-486d-8b2a-505d690155ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d1e8fe7-7e49-42ac-b9fa-acf41cece5c4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{229701b2-3445-4a1f-a98d-646cecf8cb7e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2348d40d-182f-42c6-bb95-1ae21cedd9a3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24e89ddb-42a0-4783-98b4-132ccd10260e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{268d4c93-00b9-46f5-9d44-42bbaf8529c5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2752feda-463b-49d8-82c6-107ffb372e61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{29387ff5-6aff-4248-98f1-2df027719978} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b6ccc9d-4d2f-4b28-88cd-e2f3d5cd41d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e06f0dc-cdd6-44ca-83c6-561b17d2a176} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30a0e18e-9330-4f97-913b-35fc8819a8a6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32ce3843-822a-43ec-98ac-932332cb3337} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3df86085-d8ce-40f1-900e-d338275563d4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e4fdbc3-e555-4caf-85cf-42d78a43819a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46f0fbfb-a7d7-404d-82a5-c0fe21c1c8a3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a8cda3c-c3f8-4268-a21f-d679371c79a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4af18324-ce82-4d65-aef0-f3c672789f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cd90986-f5d0-461c-98e8-29ee64793add} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e8c6c77-079f-4f69-8d40-71bc82e33494} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ee55dcc-4f2b-413d-a91f-83da21c81589} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55a5611e-2548-4e63-9633-f809aa0a362e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55d0fc0a-4e0e-4d74-8572-54ec5b551fcf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56844d1b-76cf-465b-b88e-f37841eefaa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{58c0a07e-908d-432e-bd56-fb032d66b3af} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c20f8e7-f291-4ec0-b824-fbacff668d89} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f25d7b4-34ca-473b-ad2c-b64777cf9173} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f33430b-2e65-4ae4-a05d-0f61e3781129} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6035004f-ea98-41b5-8613-cf6ab7f57d26} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b2577ba-16e5-4cc8-b41b-9bce9a052f53} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f52fa69-af36-4969-ada7-e72011ddbe9d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{807fc8ac-c091-4031-94b5-9dfb91d9da3f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8239ec28-1265-4b86-ba9c-e8379e7a009d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{89808d44-60f9-4ded-9376-ec2a45a16b81} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8eacffdb-1e78-4b17-9cc7-c6a971a50f02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90e2f9d8-c687-45fe-b74b-9b152b41966a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9804bee7-fd75-4621-bffb-164a3736e806} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9aaddaa0-f19c-4b69-be7f-ff36e5ffcc98} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d68ab9b-ed0e-4e3d-b474-0ae025d2959a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae2d3661-7b6f-4a3e-81f0-33c965d15a5c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b55dd89f-6f8b-4194-b18d-8ca67ae75794} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd81d6d4-c28d-4d37-a526-1b9c5d9df2ec} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce59f956-6619-42c3-bb16-4217719fa660} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce8e6dd0-04fa-4407-bde3-0662af87b166} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc757282-ed4d-4038-ac41-1967b6259125} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de4434df-1c9c-424f-a813-98a61956d6dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dfb86cfa-1552-4007-8462-972ced7c01bc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1653834-42ce-4740-939d-8a390a2c7624} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e34568d2-9582-4132-82d1-cbc6be4c8b62} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eeb36c20-a585-4f85-975c-4b11f9794e59} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4138c83-7e24-498d-982f-f25e2fb72b24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4f6cd59-e70b-40dd-85b5-3be4e5ab0f72} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f57b6a65-81fe-42c7-a4b4-c7d39fceb497} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6cb1f7e-8e10-4fb1-abc6-84c329ed9016} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9668246-c65d-423d-ab81-6dd3217c0ba4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb493357-4c5a-45da-8f91-dbfeff6c1f51} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe8f4b6d-6e9b-4a3e-ad01-130153a3d26f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ff8ee188-37d8-4c1e-a20d-adb35de218d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gajukilu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\terobila.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wawavara.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1603073481-2378118310-755788252-1005\Dc929.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1603073481-2378118310-755788252-1005\Dc930.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\nsvfmzgrtt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


RSIT Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Manoel Test at 2009-01-06 13:24:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 49 GB (43%) free of 114 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24, on 2009-01-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Manoel Test\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Manoel Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {3CBD984C-A55C-46E6-97F8-D3676DAC5D5D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A56A80BD-F9FE-4D82-887C-595AF1A7A794} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E71D3FB0-2631-4214-A4DA-7FB867622029} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F6CC33ED-DE9C-45BA-97A5-C01FE157E3FC} - C:\WINDOWS\system32\ljJASlLf.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6824 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\kfhrruql.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CBD984C-A55C-46E6-97F8-D3676DAC5D5D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-27 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A56A80BD-F9FE-4D82-887C-595AF1A7A794}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E71D3FB0-2631-4214-A4DA-7FB867622029}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6CC33ED-DE9C-45BA-97A5-C01FE157E3FC}]
C:\WINDOWS\system32\ljJASlLf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-27 2055960]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2006-11-22 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
C:\WINDOWS\system32\nvHotkey.dll [2006-01-19 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Installer]
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe [2008-03-18 984616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emily^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\wowclient-downloader[1].exe"="C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\wowclient-downloader[1].exe"="C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dlbtcoms.exe"="C:\WINDOWS\system32\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-06 13:01:17 ----D---- C:\GlobRemover
2009-01-06 13:01:16 ----A---- C:\WINDOWS\system32\CF28338.exe
2009-01-06 12:24:18 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Malwarebytes
2009-01-06 12:24:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 12:24:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-06 12:21:10 ----D---- C:\Documents and Settings\Manoel Test\Application Data\uTorrent
2009-01-06 09:04:37 ----D---- C:\SDFix
2009-01-06 01:50:47 ----A---- C:\Boot.bak
2009-01-06 01:50:39 ----RASHD---- C:\cmdcons
2009-01-06 01:47:57 ----D---- C:\Documents and Settings\Manoel Test\Application Data\vlc
2009-01-06 01:47:52 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-06 01:47:52 ----A---- C:\WINDOWS\gmer.exe
2009-01-06 01:47:52 ----A---- C:\WINDOWS\gmer.dll
2009-01-06 01:41:20 ----A---- C:\WINDOWS\PSEXESVC.EXE
2009-01-06 01:14:48 ----A---- C:\WINDOWS\zip.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\VFIND.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\SWSC.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\SWREG.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\sed.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\grep.exe
2009-01-06 01:14:48 ----A---- C:\WINDOWS\fdsv.exe
2009-01-06 01:12:24 ----D---- C:\WINDOWS\ERDNT
2009-01-06 01:12:24 ----D---- C:\Qoobox
2009-01-05 23:10:38 ----D---- C:\rsit
2009-01-05 00:51:21 ----D---- C:\Documents and Settings\Manoel Test\Application Data\WinRAR
2009-01-04 00:51:38 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Macromedia
2009-01-04 00:51:35 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Adobe
2009-01-04 00:47:23 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Opera
2009-01-04 00:40:36 ----D---- C:\Documents and Settings\Manoel Test\Application Data\AVGTOOLBAR
2009-01-04 00:35:35 ----ASH---- C:\Documents and Settings\Manoel Test\Application Data\desktop.ini
2009-01-04 00:35:33 ----SD---- C:\Documents and Settings\Manoel Test\Application Data\Microsoft
2009-01-04 00:35:33 ----HD---- C:\Documents and Settings\Manoel Test\Application Data\Gtek
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Wave Systems Corp
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\InstallShield
2009-01-04 00:35:33 ----D---- C:\Documents and Settings\Manoel Test\Application Data\Identities
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\java.exe
2009-01-04 00:33:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-04 00:06:14 ----D---- C:\Program Files\Tudou
2009-01-03 21:56:00 ----D---- C:\Program Files\Kaspersky Lab
2009-01-03 21:56:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-03 21:54:41 ----D---- C:\KAV
2009-01-02 14:50:16 ----D---- C:\Program Files\Opera
2008-12-30 00:29:38 ----D---- C:\Program Files\FlashGet
2008-12-29 22:43:42 ----D---- C:\VundoFix Backups
2008-12-29 22:43:42 ----A---- C:\VundoFix.txt
2008-12-29 19:48:35 ----D---- C:\dsbuff
2008-12-29 19:01:30 ----D---- C:\dslazy
2008-12-28 19:30:09 ----D---- C:\Program Files\Spybot - Search & Destroy 3
2008-12-28 13:30:58 ----HD---- C:\$AVG8.VAULT$
2008-12-28 01:01:15 ----D---- C:\Program Files\Lavasoft
2008-12-28 00:24:32 ----D---- C:\Program Files\Trend Micro
2008-12-27 23:36:30 ----D---- C:\Program Files\Safer Networking
2008-12-27 22:45:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-27 22:45:10 ----D---- C:\Program Files\AVG
2008-12-27 22:45:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-27 22:32:53 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-27 22:28:43 ----D---- C:\Program Files\FirefoxPortableTest
2008-12-27 16:11:11 ----D---- C:\WINDOWS\pss
2008-12-26 23:41:41 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-26 23:37:17 ----SHD---- C:\WINDOWS\CSC
2008-12-26 23:36:54 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-25 18:43:02 ----D---- C:\Program Files\iPod
2008-12-25 18:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 18:42:51 ----D---- C:\Program Files\iTunes
2008-12-25 18:37:49 ----D---- C:\Program Files\QuickTime
2008-12-25 18:34:40 ----D---- C:\Program Files\Apple Software Update
2008-12-23 17:25:49 ----A---- C:\WINDOWS\system32\17ce32a2-.txt
2008-12-11 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-12 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-31 15:03:39 ----D---- C:\Program Files\uTorrent
2008-10-24 02:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-10 22:00:12 ----D---- C:\Program Files\PokerStars
2008-10-10 21:45:14 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-09 17:21:16 ----D---- C:\Program Files\AVI MPEG RM WMV Joiner

======List of files/folders modified in the last 3 months======

2009-01-06 13:24:53 ----D---- C:\WINDOWS\Prefetch
2009-01-06 13:23:56 ----D---- C:\WINDOWS\system32
2009-01-06 13:09:40 ----D---- C:\WINDOWS
2009-01-06 13:09:40 ----A---- C:\WINDOWS\system.ini
2009-01-06 13:09:32 ----D---- C:\WINDOWS\Temp
2009-01-06 13:09:19 ----D---- C:\WINDOWS\Registration
2009-01-06 13:08:57 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-06 13:08:45 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 13:07:16 ----D---- C:\WINDOWS\system32\config
2009-01-06 13:05:43 ----D---- C:\WINDOWS\AppPatch
2009-01-06 13:05:43 ----D---- C:\Program Files\Common Files
2009-01-06 13:01:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 12:24:11 ----RD---- C:\Program Files
2009-01-06 02:48:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 02:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 02:01:19 ----SHD---- C:\WINDOWS\Installer
2009-01-06 02:01:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-06 01:50:47 ----RASH---- C:\boot.ini
2009-01-05 01:54:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 01:38:44 ----D---- C:\Program Files\DivX
2009-01-05 01:07:40 ----SHD---- C:\RECYCLER
2009-01-05 00:51:57 ----D---- C:\Program Files\Java
2009-01-04 00:37:50 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-04 00:35:30 ----D---- C:\Documents and Settings
2009-01-03 21:56:38 ----HD---- C:\WINDOWS\inf
2008-12-29 16:45:16 ----SHD---- C:\System Volume Information
2008-12-29 16:45:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 16:42:22 ----A---- C:\WINDOWS\win.ini
2008-12-29 08:50:45 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-29 08:34:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 01:48:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-27 22:45:00 ----D---- C:\WINDOWS\WinSxS
2008-12-27 22:45:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-27 22:20:14 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-12-27 22:14:20 ----D---- C:\WINDOWS\network diagnostic
2008-12-27 21:43:36 ----D---- C:\Program Files\Modem Helper
2008-12-27 17:04:14 ----D---- C:\Program Files\Bonjour
2008-12-25 18:44:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-25 18:43:01 ----D---- C:\Program Files\Common Files\Apple
2008-12-25 18:35:01 ----SD---- C:\WINDOWS\Tasks
2008-12-25 18:33:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-25 01:23:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-24 01:06:26 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 03:01:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 03:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-14 15:30:14 ----D---- C:\Program Files\dl_Cats
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 03:02:48 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 03:02:35 ----D---- C:\Program Files\Internet Explorer
2008-11-22 04:54:44 ----D---- C:\WINDOWS\Help
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-27 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-27 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-22 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
S3 catchme;catchme; \??\C:\GlobRemover\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTKCMOS;GTKCMOS; \??\C:\WINDOWS\system32\GTKCMOS.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 231704]
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2007-06-07 538096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-22 20480]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#12 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 06 January 2009 - 02:41 PM

I ran Malwarebytes and it keeps finding trojans. I ran SDFix and this is the report.


SDFix: Version 1.240
Run by Emily on Tue 01/06/2009 at 01:48 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 14:06:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqt.dll"
"tdssservers"="\systemroot\system32\TDSSlrvd.dat"
"tdssmain"="\systemroot\system32\TDSShrxr.dll"
"tdsslog"="\systemroot\system32\TDSSrtqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhyp.log"
"TDSSproc"="\systemroot\system32\TDSSkkbi.log"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Documents and Settings\\Emily\\Local Settings\\Temporary Internet Files\\Content.IE5\\2XCDIHAD\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Emily\\Local Settings\\Temporary Internet Files\\Content.IE5\\2XCDIHAD\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Documents and Settings\\Emily\\Local Settings\\Temporary Internet Files\\Content.IE5\\IJOLA5U7\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Emily\\Local Settings\\Temporary Internet Files\\Content.IE5\\IJOLA5U7\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Pidgin\\pidgin.exe"="C:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\dlbtcoms.exe"="C:\\WINDOWS\\system32\\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy 3\Tools.dll"
Tue 30 Sep 2008 60,416 A.SH. --- "C:\WINDOWS\system32\fodulivu.dll.tmp"
Tue 30 Sep 2008 60,416 A.SH. --- "C:\WINDOWS\system32\guguvevo.dll.tmp"
Tue 30 Sep 2008 60,416 A.SH. --- "C:\WINDOWS\system32\nukubufa.dll.tmp"
Fri 26 Sep 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 24 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Wed 7 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!

#13 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 06 January 2009 - 03:03 PM

Most recent malware log

Malwarebytes' Anti-Malware 1.32
Database version: 1624
Windows 5.1.2600 Service Pack 3

1/6/2009 3:03:09 PM
mbam-log-2009-01-06 (15-03-09).txt

Scan type: Quick Scan
Objects scanned: 70167
Time elapsed: 23 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Manoel

Manoel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 06 January 2009 - 03:12 PM

Kaspersky constantly finds new backdoor trojans and password-protected zips that can't be deleted.
Time to throw out the laptop?

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 07 January 2009 - 01:55 AM

Kaspersky constantly finds new backdoor trojans and password-protected zips that can't be deleted.
Time to throw out the laptop?


If only you wish to do that :thumbsup:

Let's do ComboFix again as per Post #7. Then post the log here. Tell me if you still can't run it :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
