
Vundo/Agent/Hijack.taskManager


This topic is locked
9 replies to this topic

#1 askj123

Posted 08 January 2009 - 12:31 PM

Hello,

I've been having problems with this trojan for a couple of days, I was wondering if you can help me...
My Task Manager keeps on getting disabled (I have to keep running Malwarebytes in order to enable it), I only see the background when it loads (it takes me a very long time just to see the desktop) and the red X keeps popping up along with other errors.

I tried to install Spybot S&D but it won't let me due to a server issue or something...
And I can't connect to the internet (this is another place)

Here is my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:32 AM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\regedit.exe
C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cornerstonetv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg4.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.cgntv.net/ActiveX/AlwaysOn.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://intranet.korea.ac.kr:8001/allgenact...tiv_3_3_0_3.cab
O16 - DPF: {3D958885-457A-44ED-B2B9-32C827917A30} (Test_ocx Control) - http://dev.cornerstonetv.com/Test_ocxProj1.cab
O16 - DPF: {4DED8BE6-C27E-40D2-9BD0-24BE513B4E6F} - http://cdn.naver.com/naver/tms/turbois.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://portal.korea.ac.kr/XecureObject/xw_install.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://66.14.42.152/WebDiginet.CAB
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_u...DacomUpload.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_d...comDownload.cab
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://idisk.korea.ac.kr/app/IdiskUpdate.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 9320 bytes

And my Malwarebytes log:
Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 2

1/8/2009 6:02:58 AM
mbam-log-2009-01-08 (06-02-58).txt

Scan type: Quick Scan
Objects scanned: 54232
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 askj123 (Topic Starter)

Posted 09 January 2009 - 11:09 AM

Here is the log from RSIT.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brother1 at 2009-01-09 05:57:28
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (27%) free of 38 GB
Total RAM: 503 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:34 AM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
F:\Virus Part 2\2nd\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brother1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cornerstonetv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg4.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.cgntv.net/ActiveX/AlwaysOn.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://intranet.korea.ac.kr:8001/allgenact...tiv_3_3_0_3.cab
O16 - DPF: {3D958885-457A-44ED-B2B9-32C827917A30} (Test_ocx Control) - http://dev.cornerstonetv.com/Test_ocxProj1.cab
O16 - DPF: {4DED8BE6-C27E-40D2-9BD0-24BE513B4E6F} - http://cdn.naver.com/naver/tms/turbois.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://portal.korea.ac.kr/XecureObject/xw_install.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://66.14.42.152/WebDiginet.CAB
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_u...DacomUpload.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_d...comDownload.cab
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://idisk.korea.ac.kr/app/IdiskUpdate.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 9044 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\vapzhvwd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-11-21 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2003-12-04 103368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-11-21 126976]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2003-12-04 103368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-18 110592]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2003-12-11 70800]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-11-15 473928]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2004-06-30 95344]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
TEW-623PI Wireless Client Utility.lnk - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2002-02-15 24638]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Documents and Settings\All Users\Documents\LimeWire.exe"="C:\Documents and Settings\All Users\Documents\LimeWire.exe:*:Disabled:LimeWire: The most advanced file sharing program on the planet."
"C:\Program Files\Symantec\pcAnywhere\winaw32.exe"="C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Disabled:pcAnywhere Main Program"
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe"="C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\DigiNet_Center\KFileTransServer.exe"="C:\DigiNet_Center\KFileTransServer.exe:*:Enabled:KFileTransServer"
"C:\DigiNet_Center\DigiNetc.exe"="C:\DigiNet_Center\DigiNetc.exe:*:Enabled:DigiNetc"
"C:\DigiNet_Center\EmergencyMonitor.exe"="C:\DigiNet_Center\EmergencyMonitor.exe:*:Enabled:EmergencyMonitor MFC ?? ????"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\MediaWings\MediaWings.exe"="C:\MediaWings\MediaWings.exe:*:Enabled:MediaWings MPEG4 Player"
"C:\WINDOWS\SYSTEM32\fscagent.exe"="C:\WINDOWS\SYSTEM32\fscagent.exe:*:Enabled:???? ???? ??"
"C:\WINDOWS\SYSTEM32\pdbox28.exe"="C:\WINDOWS\SYSTEM32\pdbox28.exe:*:Enabled:PDBOX File Transfer Manager"
"C:\Program Files\????\FHC.exe"="C:\Program Files\????\FHC.exe:*:Enabled:???? ????? ????"
"C:\Program Files\TurboPlayer\TurboAgent.exe"="C:\Program Files\TurboPlayer\TurboAgent.exe:*:Enabled:TURBO AGENT"
"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc2.exe"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\InvokeSvc2.exe"="C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"E:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe"="E:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe:*:Enabled:mvp2005"
"E:\Program Files\mIRC\mirc.exe"="E:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"
"C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe"="C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe:*:Enabled:PLauncher Application"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Brother1\Desktop\GunboundRV_setup.exe"="C:\Documents and Settings\Brother1\Desktop\GunboundRV_setup.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ec068b-c323-11d8-887e-806d6172696f}]
shell\AutoRun\command - D:\Setup\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b8db6f7-8379-11dd-a841-0014d1c4ee1e}]
shell\1\command - E:\.\RECYCLER\RECYCLER\autorun.exe
shell\2\command - E:\.\RECYCLER\RECYCLER\autorun.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc03e32-aabe-11dc-a830-000f1f4c83e9}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3c2726-ae11-11dd-a8e3-0014d1c4ee1e}]
shell\1\command - G:\.\RECYCLER\RECYCLER\autorun.exe
shell\2\command - G:\.\RECYCLER\RECYCLER\autorun.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe


======List of files/folders created in the last 3 months======

2009-01-09 05:36:00 ----A---- C:\WINDOWS\system32\AegisI5.exe
2009-01-09 05:35:58 ----D---- C:\Program Files\TRENDnet
2009-01-09 05:32:16 ----D---- C:\WINDOWS\LastGood
2009-01-08 20:17:57 ----D---- C:\rsit
2009-01-07 20:26:25 ----D---- C:\Program Files\CleanUp!
2009-01-07 20:23:45 ----D---- C:\!KillBox
2009-01-07 19:58:01 ----D---- C:\VundoFix Backups
2009-01-07 19:58:01 ----A---- C:\VundoFix.txt
2009-01-07 19:26:43 ----D---- C:\WINDOWS\ERUNT
2009-01-07 19:25:46 ----D---- C:\SDFix
2009-01-06 05:49:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-06 05:49:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-06 05:39:20 ----D---- C:\Program Files\Trend Micro
2009-01-05 22:06:48 ----A---- C:\WINDOWS\system32\frmwrk32.exe
2009-01-05 22:06:45 ----A---- C:\WINDOWS\system32\pcload.exe
2009-01-05 22:03:56 ----A---- C:\WINDOWS\ozifitizoyiziyem.dll
2009-01-05 21:51:46 ----A---- C:\WINDOWS\Uzukadikujikapa.dll
2009-01-05 21:51:44 ----A---- C:\WINDOWS\system32\k9261108.exe
2009-01-05 21:42:35 ----A---- C:\WINDOWS\system32\qbsqhuaf.dll
2009-01-05 21:42:06 ----A---- C:\WINDOWS\system32\f359f836-.txt
2008-12-18 06:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-12 16:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 16:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 16:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 16:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 16:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-29 23:59:58 ----D---- C:\Program Files\Illusion
2008-11-23 19:59:20 ----D---- C:\Program Files\Koei
2008-11-23 19:47:59 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-11-23 19:47:05 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-23 19:17:04 ----D---- C:\Documents and Settings\Brother1\Application Data\DAEMON Tools
2008-11-22 21:17:37 ----D---- C:\Program Files\mIRC
2008-11-22 21:17:37 ----D---- C:\Documents and Settings\Brother1\Application Data\mIRC
2008-11-12 19:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 19:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 09:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 20:39:30 ----D---- C:\Documents and Settings\Brother1\Application Data\Move Networks
2008-10-16 00:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 00:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 00:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 00:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 00:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 00:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-14 19:20:52 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-14 19:17:34 ----D---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-10-11 23:45:20 ----A---- C:\WINDOWS\system32\PubPlugin.dll
2008-10-11 23:45:20 ----A---- C:\WINDOWS\system32\ijjiPlugin2.dll
2008-10-11 23:45:19 ----D---- C:\Program Files\NHN USA
2008-10-11 23:45:19 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2008-10-11 17:43:11 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-11 17:43:11 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-11 17:43:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-11 17:43:07 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-11 17:43:07 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-11 17:43:05 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-11 17:43:03 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-11 17:43:03 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-11 17:43:02 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-11 17:43:00 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-11 17:42:58 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-11 17:42:58 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-11 17:42:56 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-11 17:42:55 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-11 17:42:53 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-11 17:42:52 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-11 17:42:50 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-11 17:42:50 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-11 17:42:49 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-11 17:42:47 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-11 17:42:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-11 17:42:42 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-11 17:42:41 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-11 17:42:39 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-11 17:42:38 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-11 17:42:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-11 17:42:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-11 17:42:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-11 17:42:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-11 17:42:32 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-11 17:42:32 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-11 17:42:31 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-11 17:42:30 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-10-11 17:42:28 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-11 17:42:23 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-11 17:42:23 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-11 17:42:14 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-11 17:42:13 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-11 17:42:12 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-11 17:42:12 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-11 17:42:11 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-10-11 17:42:11 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-11 17:42:10 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-10-11 17:42:10 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-11 17:42:09 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-11 17:42:09 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-10-11 17:42:08 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-10-11 17:42:07 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-10-11 17:42:01 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-11 17:42:00 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-10-11 17:42:00 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-10-11 17:41:59 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-10-11 17:41:58 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-11 17:41:58 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-10-11 17:41:57 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-10-11 17:41:56 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-10-11 17:41:53 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-10-11 17:36:51 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-11 17:36:37 ----D---- C:\WINDOWS\Logs
2008-10-11 17:30:15 ----HD---- C:\Documents and Settings\Brother1\Application Data\ijjigame
2008-10-11 17:06:40 ----D---- C:\ijji

======List of files/folders modified in the last 3 months======

2009-01-09 05:57:22 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-01-09 05:46:26 ----D---- C:\WINDOWS\Prefetch
2009-01-09 05:46:17 ----SHD---- C:\System Volume Information
2009-01-09 05:46:17 ----D---- C:\WINDOWS\system32\Restore
2009-01-09 05:45:46 ----D---- C:\Program Files\Mozilla Firefox
2009-01-09 05:36:09 ----A---- C:\WINDOWS\system32\results.txt
2009-01-09 05:36:02 ----HD---- C:\WINDOWS\INF
2009-01-09 05:36:01 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-09 05:36:00 ----D---- C:\WINDOWS\SYSTEM32
2009-01-09 05:35:58 ----AD---- C:\Program Files
2009-01-09 05:35:51 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-09 05:32:16 ----D---- C:\WINDOWS
2009-01-09 05:32:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-09 05:31:19 ----D---- C:\WINDOWS\Temp
2009-01-09 05:11:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 22:26:54 ----SHD---- C:\WINDOWS\Installer
2009-01-08 21:50:45 ----D---- C:\Program Files\Lavasoft
2009-01-08 21:42:09 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-01-07 20:28:35 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-07 20:28:31 ----D---- C:\WINDOWS\REPAIR
2009-01-07 20:28:26 ----D---- C:\WINDOWS\Help
2009-01-07 20:27:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-07 20:27:50 ----D---- C:\I386
2009-01-07 20:27:16 ----D---- C:\Documents and Settings\Brother1\Application Data\FrostWire
2009-01-06 21:03:44 ----D---- C:\WINDOWS\system32\dla
2009-01-06 05:50:37 ----D---- C:\Documents and Settings\Brother1\Application Data\Lavasoft
2009-01-06 05:49:02 ----D---- C:\Program Files\Common Files
2009-01-05 22:39:31 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-01-05 22:39:06 ----A---- C:\WINDOWS\system32\wsaupdater.exe
2009-01-05 22:39:06 ----A---- C:\WINDOWS\system32\userinit.exe
2009-01-05 21:36:46 ----SD---- C:\WINDOWS\Tasks
2008-12-18 06:06:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 06:06:29 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 16:35:15 ----D---- C:\Program Files\Internet Explorer
2008-12-12 09:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 05:51:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-27 21:40:05 ----D---- C:\Program Files\Bonjour
2008-11-23 20:19:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 19:46:44 ----D---- C:\WINDOWS\WinSxS
2008-10-23 05:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 02:37:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 02:37:04 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-16 02:37:03 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 02:37:03 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-16 02:37:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-16 02:37:03 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 02:37:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 02:37:02 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\inseng.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-16 02:37:02 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-15 08:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 06:00:41 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-11 23:45:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-11 17:43:15 ----D---- C:\WINDOWS\system32\DirectX
2008-10-11 17:42:07 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2002-02-11 33496]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2002-08-29 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-06-29 263968]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-09 21419]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-26 40480]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-14 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-14 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-14 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-14 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-14 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-14 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-14 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-14 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-14 100597]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-03-16 28256]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040825.021\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040825.021\NavEx15.Sys []
R3 RT80x86;TEW-623PI Wireless N PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2007-07-27 537216]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2004-06-29 11008]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2004-06-29 166048]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2004-06-29 46528]
R3 SYMIDSCO;SYMIDSCO; C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS [2004-07-01 170208]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2004-06-29 51552]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-06-29 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-03 73472]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 aww7m6tc;aww7m6tc; C:\WINDOWS\system32\drivers\aww7m6tc.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Brother1\LOCALS~1\Temp\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 NOWMEMDF;NOWMEMDF; \??\C:\WINDOWS\system32\NOWMEMDF.sys []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa); C:\WINDOWS\system32\DRIVERS\ODWGU.sys [2006-07-07 408064]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-03 245504]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; C:\WINDOWS\System32\DRIVERS\netusbxp.sys [2002-02-19 72576]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-05-07 79616]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-11-10 234656]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-08-15 299008]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-04-23 158848]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2003-12-04 193816]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-01-27 218232]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L; C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [2006-07-06 530432]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2002-02-15 114749]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-11-10 255136]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-11-10 87200]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-06-29 193760]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


Here is the info from RSIT

info.txt logfile of random's system information tool 1.05 2009-01-08 20:18:29

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
802.11 Wireless Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4C91CB-358C-4E3D-8773-EB3A90E82C31}\Setup.exe" -l0x9 -removeonly
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere 6.0-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL2.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Cleaner 5 EZ-->C:\WINDOWS\unvise32.exe C:\Program Files\Cleaner 5 EZ\uninstal.log
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Default-->MsiExec.exe /I{43AE80CE-A8D1-4B7C-80D5-3473D81DF342}
DTS+AC3 ??-->"C:\Program Files\DtsFilter\uninstall.exe"
Free iPod Video Converter 1.26-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Gunbound Revolution-->"c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Proactive Services-->MsiExec.exe /X{7527CD9F-894E-47B3-9AFB-3E680E007051}
HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intelligent Remote Module-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Univision Canada Limited\Remote Module\Uninst.isu"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Live On Air 2004 Professional-->MsiExec.exe /I{25659578-FEC4-4396-B9A4-BE0839FFC199}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2??(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Pioneer RecordNow DX-->MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Real Alternative 1.8.4-->"C:\Program Files\Real Alternative\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Symantec pcAnywhere-->MsiExec.exe /I{C05E8183-866A-11D3-97DF-0000F8D8F2E9}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XecureWeb Control-->C:\Program Files\SoftForum\XecureWeb\xw_setup.exe -ui
???? 1.0-->"C:\Program Files\????\unins000.exe"
?? ?? ?? ????-->MsiExec.exe /I{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}
?? ?? 2002-->MsiExec.exe /I{64BA2986-C58A-44F1-A0C0-BFF47BE06DF6}

=====HijackThis Backups=====

O20 - AppInit_DLLs: unwpvf.dll
O4 - HKLM\..\Run: [f87a3c48] rundll32.exe "C:\WINDOWS\system32\ynhonvbg.dll",b
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O4 - HKLM\..\Run: [Srayakucad] rundll32.exe "C:\WINDOWS\Uzukadikujikapa.dll",e
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O2 - BHO: {7cd7bea2-0455-31c9-7c34-21f98d0ff3ed} - {de3ff0d8-9f12-43c7-9c13-55402aeb7dc7} - C:\WINDOWS\system32\unwpvf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

======Hosts File======

127.0.0.1 localhost

System event log

Computer Name: DD4FV051
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 18123
Source Name: Service Control Manager
Time Written: 20081203060656.000000-480
Event Type: information
User:

Computer Name: DD4FV051
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 18122
Source Name: Service Control Manager
Time Written: 20081203060656.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DD4FV051
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 18121
Source Name: Service Control Manager
Time Written: 20081203060652.000000-480
Event Type: information
User:

Computer Name: DD4FV051
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 18120
Source Name: Service Control Manager
Time Written: 20081203060652.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DD4FV051
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 18119
Source Name: Service Control Manager
Time Written: 20081203060652.000000-480
Event Type: information
User:

Application event log

Computer Name: DD4FV051
Event Code: 1
Message: Application started

Record Number: 12311
Source Name: ccEvtMgr
Time Written: 20080930081652.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DD4FV051
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 12310
Source Name: SecurityCenter
Time Written: 20080930081651.000000-480
Event Type: information
User:

Computer Name: DD4FV051
Event Code: 26
Message: Application starting

Record Number: 12309
Source Name: ccEvtMgr
Time Written: 20080930081649.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DD4FV051
Event Code: 1
Message: Application started

Record Number: 12308
Source Name: SNDSrvc
Time Written: 20080930081648.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DD4FV051
Event Code: 100
Message: Savscan service started.

Record Number: 12307
Source Name: SAVSCAN
Time Written: 20080930081648.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------
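The "HijackThis Backups" section of the log above records the persistence pattern that keeps coming back on this machine: three HKLM Run values that start rundll32.exe on DLLs with pseudo-random names and one-letter export names (two of those DLLs dropped directly in C:\WINDOWS rather than in system32), a Run value that launches a bare frmwrk32.exe with no path, and unwpvf.dll registered both in AppInit_DLLs (which makes Windows map it into every process that loads user32.dll) and as a Browser Helper Object. The Kmuroyiv entry is backed up several times, which is consistent with it being fixed and re-created. The script below is an added example written for this thread, not part of HijackThis or of any poster's log; it runs those heuristics over the exact lines quoted above, embedded as sample input. The rules, thresholds and reason strings are my own choices for triage, not HijackThis logic.

```python
"""Triage HijackThis O2/O4/O20 lines for the rundll32/AppInit_DLLs persistence seen in this thread."""
import re
from collections import Counter

# Sample input: the lines quoted in the "HijackThis Backups" section of the log above.
SAMPLE_BACKUPS = r"""
O20 - AppInit_DLLs: unwpvf.dll
O4 - HKLM\..\Run: [f87a3c48] rundll32.exe "C:\WINDOWS\system32\ynhonvbg.dll",b
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O4 - HKLM\..\Run: [Srayakucad] rundll32.exe "C:\WINDOWS\Uzukadikujikapa.dll",e
O4 - HKLM\..\Run: [Kmuroyiv] rundll32.exe "C:\WINDOWS\ozifitizoyiziyem.dll",e
O2 - BHO: {7cd7bea2-0455-31c9-7c34-21f98d0ff3ed} - {de3ff0d8-9f12-43c7-9c13-55402aeb7dc7} - C:\WINDOWS\system32\unwpvf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
WINDIR = r'C:\WINDOWS'  # the "windir" value reported in the log above


def basename(path):
    return path.replace('/', '\\').rsplit('\\', 1)[-1].strip().lower()


def parse(text):
    """Parse each distinct O2/O4/O20 line once; the Counter remembers how often a line repeats."""
    counts = Counter(l.strip() for l in text.splitlines() if l.strip())
    recs = []
    for line in counts:
        for kind, rx in (('O4', O4_RE), ('O2', O2_RE), ('O20', O20_RE)):
            m = rx.match(line)
            if m:
                rec = {'kind': kind, 'line': line}
                rec.update(m.groupdict())
                recs.append(rec)
                break
    return recs, counts


def triage(text):
    """Return {line: [reasons]} for entries matching the heuristics below (my rules, not HijackThis's)."""
    recs, counts = parse(text)
    appinit = {basename(d) for r in recs if r['kind'] == 'O20' for d in r['dlls'].split(',') if d.strip()}
    bho_dlls = {basename(r['path']) for r in recs if r['kind'] == 'O2'}
    findings = {}

    def flag(rec, reason):
        findings.setdefault(rec['line'], []).append(reason)

    for r in recs:
        if r['kind'] == 'O20':
            if r['dlls'].strip():
                flag(r, 'AppInit_DLLs is set: the DLL is mapped into every process that loads user32.dll')
            if appinit & bho_dlls:
                flag(r, 'the same DLL is also registered as a Browser Helper Object')
        elif r['kind'] == 'O2':
            if basename(r['path']) in appinit:
                flag(r, 'BHO DLL is also listed in AppInit_DLLs')
        else:  # O4 Run value
            m = RUNDLL_RE.match(r['cmd'])
            if m:
                if len(m['export']) == 1:
                    flag(r, 'rundll32 with a one-character export name')
                if m['dll'].lower().rsplit('\\', 1)[0] == WINDIR.lower():
                    flag(r, 'DLL dropped directly in the Windows directory')
            elif not re.search(r'[\\/%]', r['cmd'].split()[0]):
                flag(r, 'launched by bare file name, resolved through the PATH search')
            if re.fullmatch(r'[0-9a-f]{6,}', r['name'], re.I):
                flag(r, 'hex-looking Run value name')
            if counts[r['line']] > 1:
                flag(r, f'backed up {counts[r["line"]]} times: fixed and re-created')
    return findings


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_BACKUPS).items():
        print(line)
        for why in reasons:
            print('   ->', why)
```

Run as-is it prints the six suspicious entries with their reasons and stays silent on the two legitimate ones (the Sonic DriveLetterAccess BHO and the standard UserFaultCheck/dumprep value), which is the point: the same three or four structural checks separate this family's entries from the noise without any signature for the random DLL names.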

#3 askj123

  • Topic Starter
  • Members
  • 6 posts

Posted 09 January 2009 - 11:11 AM

GMER found something...

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-09 06:07:38
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

INT 0x62 ? 8338ABF8
INT 0x63 ? 8320CBF8
INT 0x82 ? 8338ABF8
INT 0x83 ? 8320CBF8
INT 0xA4 ? 8320CBF8
INT 0xB4 ? 8320CBF8

Code 8319EFD8 ZwEnumerateKey
Code 8319F0B8 ZwFlushInstructionCache
Code EF1C154C pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 8319EFDC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 8319F0BC
? spfy.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F812362C 5 Bytes JMP 8320C1D8

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8338E2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8393C4C] spfy.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8393CA0] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8363040] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F836313C] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F83630BE] spfy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F83637FC] spfy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F83636D2] spfy.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8320C2D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8373048] spfy.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 833881F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom 82F731F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{685ED561-EAF4-43AE-BD69-DB268C06D4EA} 82F591F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8320B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8320B1F8
Device \Driver\usbuhci \Device\USBPDO-2 8320B1F8
Device \Driver\usbehci \Device\USBPDO-3 831E91F8
Device \Driver\PCI_PNP9808 \Device\00000055 spfy.sys

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8338B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8338B1F8
Device \Driver\Cdrom \Device\CdRom0 8316F1F8
Device \Driver\Cdrom \Device\CdRom1 8316F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8338A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8338A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8338A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8338A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82F591F8
Device \Driver\NetBT \Device\NetbiosSmb 82F591F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8320B1F8
Device \Driver\USBSTOR \Device\0000006d 8319C238
Device \Driver\usbuhci \Device\USBFDO-1 8320B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82FCC500
Device \Driver\USBSTOR \Device\0000006e 8319C238
Device \Driver\usbuhci \Device\USBFDO-2 8320B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82FCC500
Device \Driver\usbehci \Device\USBFDO-3 831E91F8
Device \Driver\Ftdisk \Device\FtControl 8338B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3AA50C67-2A38-4970-9424-968FA8892620} 82F591F8
Device \Driver\aww7m6tc \Device\Scsi\aww7m6tc1Port2Path0Target0Lun0 831661F8
Device \Driver\aww7m6tc \Device\Scsi\aww7m6tc1 831661F8
Device \Driver\sptd \Device\3736421058 spfy.sys
Device \FileSystem\Fastfat \Fat 82F731F8

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 830FB500
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\senekajlkdvblx.sys (*** hidden *** ) EF1BF000-EF1D8000 (102400 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\senekajlkdvblx.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\seneka
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.dll \systemroot\system32\senekajwsfloyx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@senekawi.dll \systemroot\system32\senekayiqrsvri.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x09 0x20 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x56 0x06 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCA 0x88 0xB5 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.dll \systemroot\system32\senekajwsfloyx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@senekawi.dll \systemroot\system32\senekayiqrsvri.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x09 0x20 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x56 0x06 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCA 0x88 0xB5 0x15 ...
Reg HKLM\SYSTEM\ControlSet004\Services\seneka
Reg HKLM\SYSTEM\ControlSet004\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\seneka\modules
Reg HKLM\SYSTEM\ControlSet004\Services\seneka\modules@seneka.dll \systemroot\system32\senekajwsfloyx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\seneka\modules@senekawi.dll \systemroot\system32\senekayiqrsvri.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x09 0x20 0xEC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x56 0x06 0xFF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCA 0x88 0xB5 0x15 ...

---- EOF - GMER 1.0.14 ----


I also cannot go on the internet on this computer, and I don't know if I need to reinstall userinit.exe (in the System32 folder) (I know it is a legit file, but MalwareBytes keeps telling me that it is a Trojan.Agent link root)...
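Two different things are mixed together in the GMER output above and are worth separating before anything is deleted. The seneka service is a kernel driver (type 1) started at system start (start 1) in the "file system" load group; its image senekajlkdvblx.sys and the two DLLs listed under its modules subkey are hidden from the running system, and the same definition is present in every control set GMER listed (ControlSet002, CurrentControlSet and ControlSet004). The spfy.sys IAT hooks on atapi.sys, pci.sys and i8042prt.sys, by contrast, belong to the sptd driver object, whose Cfg key in the same log points at C:\Program Files\DAEMON Tools Lite\; sptd is the disc-emulation driver DAEMON Tools installs, and GMER commonly reports its hooks, so those lines are not the infection. The script below is an added example written for this thread, not part of GMER or of any poster's output. It parses a subset of the lines above (embedded as sample input), decodes the Start and Type values with the standard SERVICE_* constants, lists the files to preserve before removal, and attributes hooking driver files to their driver object and configured product path. Mapping \systemroot to C:\WINDOWS follows the windir value in the first log of this thread.

```python
"""Triage GMER output: a hidden kernel service versus hooks owned by a known driver."""
import re
from collections import defaultdict

# Sample input: lines taken from the GMER log above (a subset; CurrentControlSet and ControlSet004 cut to ImagePath).
SAMPLE_GMER = r"""
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8393C4C] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8363040] spfy.sys
Device \Driver\sptd \Device\3736421058 spfy.sys
Module \systemroot\system32\drivers\senekajlkdvblx.sys (*** hidden *** ) EF1BF000-EF1D8000 (102400 bytes)
Service C:\WINDOWS\system32\drivers\senekajlkdvblx.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.dll \systemroot\system32\senekajwsfloyx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\seneka\modules@senekawi.dll \systemroot\system32\senekayiqrsvri.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\seneka@imagepath \systemroot\system32\drivers\senekajlkdvblx.sys
"""

HIDDEN_RE = re.compile(r'^(?P<kind>Module|Service)\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)(?:\s+\[\w+\]\s+(?P<name>\S+))?')
REG_RE = re.compile(r'^Reg HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)(?P<sub>(?:\\[^@]+)?)(?:@(?P<val>\S+)(?:\s+(?P<data>.*))?)?$')
DEVICE_RE = re.compile(r'^Device \\Driver\\(?P<drv>\S+) \S+ (?P<file>\S+\.sys)$')
HOOK_RE = re.compile(r'^IAT\s.*\s(?P<file>\S+\.sys)$')

START = {0: 'boot', 1: 'system', 2: 'automatic', 3: 'manual', 4: 'disabled'}  # SERVICE_*_START
TYPE = {1: 'kernel driver', 2: 'file system driver', 16: 'own-process service', 32: 'shared-process service'}
SYSTEMROOT = r'C:\WINDOWS'  # the "windir" value in the first log of this thread


def normalize(path):
    """Rewrite the NT-style systemroot prefix used in ImagePath into the Win32 path."""
    if path.lower().startswith('\\systemroot\\'):
        return SYSTEMROOT + path[len('\\systemroot'):]
    return path


def analyse(text):
    """Collect services (values, modules, control sets), hidden objects, driver-file owners and IAT hooks."""
    services = defaultdict(lambda: {'controlsets': set(), 'values': {}, 'modules': {},
                                    'hidden': False, 'cfg_path': None})
    hidden, hooks, driver_files = {}, defaultdict(int), {}
    for line in (l.strip() for l in text.splitlines()):
        if m := HIDDEN_RE.match(line):
            hidden.setdefault(normalize(m['path']), set()).add(m['kind'])
            if m['name']:
                services[m['name']]['hidden'] = True
        elif m := REG_RE.match(line):
            svc = services[m['svc']]
            svc['controlsets'].add(m['cs'])
            sub, val, data = m['sub'].lower(), m['val'], m['data'] or ''
            if val is None:
                continue
            if sub == '':
                svc['values'][val.lower()] = data  # Start, Type, ImagePath, Group
            elif sub == '\\modules':
                svc['modules'][val] = normalize(data)  # user-mode components the driver registers
            elif sub.startswith('\\cfg') and val == 'p0':
                svc['cfg_path'] = data  # product directory the installer wrote
        elif m := DEVICE_RE.match(line):
            driver_files[m['file'].lower()] = m['drv']  # on-disk file name -> driver object
        elif m := HOOK_RE.match(line):
            hooks[m['file'].lower()] += 1
    return {'services': dict(services), 'hidden': hidden, 'hooks': dict(hooks), 'driver_files': driver_files}


def decode(table, raw):
    """Map a Start/Type registry value (decimal or 0x text) through a SERVICE_* table."""
    try:
        return table.get(int(raw, 0), raw)
    except (TypeError, ValueError):
        return '?' if raw is None else raw


def artifacts(report, name):
    """Files to preserve before removal: the ImagePath plus every registered module."""
    svc = report['services'][name]
    files = set(svc['modules'].values())
    if 'imagepath' in svc['values']:
        files.add(normalize(svc['values']['imagepath']))
    return sorted(files, key=str.lower)


def hook_owner(report, driver_file):
    """Tie a hooking driver file to its driver object and the product path GMER showed, if any."""
    drv = report['driver_files'].get(driver_file.lower())
    return None if drv is None else (drv, report['services'].get(drv, {}).get('cfg_path'))


def summary(report):
    out = []
    for name, svc in sorted(report['services'].items()):
        v = svc['values']
        out.append(f"{'HIDDEN ' if svc['hidden'] else ''}service {name}: type={decode(TYPE, v.get('type'))}, "
                   f"start={decode(START, v.get('start'))}, group={v.get('group', '?')}, "
                   f"in {len(svc['controlsets'])} control set(s), files: {artifacts(report, name)}")
    for f, n in sorted(report['hooks'].items()):
        owner = hook_owner(report, f)
        who = f'driver object {owner[0]}, configured for {owner[1]}' if owner and owner[1] else 'unattributed'
        out.append(f'{f}: {n} IAT hook(s), {who}')
    return out
```

Calling summary(analyse(SAMPLE_GMER)) yields one line flagging seneka as a hidden kernel driver with system start and its three files, and one line attributing the spfy.sys hooks to the sptd driver object configured for the DAEMON Tools Lite directory. A driver file that hooks but cannot be tied to a driver object with a product path is reported as unattributed, which is the case that deserves a closer look.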

#4 lusitano

  • Portuguese Malware Fighter
  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 09 January 2009 - 11:18 AM

Hi,

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#5 askj123

  • Topic Starter
  • Members
  • 6 posts

Posted 10 January 2009 - 12:43 PM

Thanks so much for the reply.

I didn't have internet access at the time, so I couldn't install the Recovery Console...

Here is the data: (the internet works now)

ComboFix 09-01-08.05 - Brother1 2009-01-10 9:30:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.313 [GMT -8:00]
Running from: f:\virus part 2\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekajlkdvblx.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\qbsqhuaf.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekajwsfloyx.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekayiqrsvri.dll
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 05:59 . 2009-01-09 05:59 250 --a------ c:\windows\gmer.ini
2009-01-09 05:36 . 2006-06-20 22:53 319,488 --a------ c:\windows\SYSTEM32\AegisI5.exe
2009-01-09 05:36 . 2009-01-09 05:36 21,419 --a------ c:\windows\SYSTEM32\DRIVERS\AegisP.sys
2009-01-09 05:35 . 2009-01-09 05:35 <DIR> d-------- c:\program files\TRENDnet
2009-01-09 05:32 . 2007-07-27 23:48 537,216 -ra------ c:\windows\SYSTEM32\DRIVERS\rt2860.sys
2009-01-08 21:06 . 2009-01-08 21:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-08 20:17 . 2009-01-08 20:18 <DIR> d-------- C:\rsit
2009-01-07 20:26 . 2009-01-07 20:26 <DIR> d-------- c:\program files\CleanUp!
2009-01-07 20:23 . 2009-01-07 20:23 <DIR> d-------- C:\!KillBox
2009-01-07 19:58 . 2009-01-07 19:58 <DIR> d-------- C:\VundoFix Backups
2009-01-07 19:26 . 2009-01-07 19:27 <DIR> d-------- c:\windows\ERUNT
2009-01-07 19:25 . 2009-01-07 19:56 <DIR> d-------- C:\SDFix
2009-01-06 05:49 . 2009-01-06 05:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 05:49 . 2009-01-08 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 05:39 . 2009-01-06 05:39 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 22:39 . 2009-01-05 22:39 111,616 --a------ c:\windows\SYSTEM32\DLLCACHE\userinit.exe
2009-01-05 22:06 . 2009-01-05 22:06 24,576 --a------ c:\windows\SYSTEM32\pcload.exe
2009-01-05 22:03 . 2009-01-05 22:03 134,656 --a------ c:\windows\ozifitizoyiziyem.dll
2009-01-05 21:51 . 2009-01-05 21:51 40,448 --a------ c:\windows\Uzukadikujikapa.dll
2009-01-05 21:51 . 2009-01-05 21:51 40,448 --a------ c:\windows\SYSTEM32\k9261108.exe
2009-01-05 21:41 . 2009-01-05 21:40 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
2009-01-05 21:40 . 2009-01-05 22:03 <DIR> d-------- c:\documents and settings\Brother1\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 17:10 --------- d-----w c:\program files\Microsoft AntiSpyware
2009-01-09 13:35 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-09 05:50 --------- d-----w c:\program files\Lavasoft
2009-01-08 04:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-08 04:27 --------- d-----w c:\documents and settings\Brother1\Application Data\FrostWire
2009-01-06 13:50 --------- d-----w c:\documents and settings\Brother1\Application Data\Lavasoft
2009-01-06 06:39 111,616 ----a-w c:\windows\SYSTEM32\wsaupdater.exe
2009-01-06 06:39 111,616 ----a-w c:\windows\SYSTEM32\userinit.exe
2009-01-02 23:18 --------- d-----w c:\documents and settings\Brother1\Application Data\mIRC
2009-01-02 20:59 --------- d-----w c:\program files\mIRC
2008-12-23 05:48 --------- d-----w c:\program files\Illusion
2008-12-12 17:33 3,060,224 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-01 05:23 --------- d-----w c:\documents and settings\Brother1\Application Data\Move Networks
2008-11-28 05:40 --------- d-----w c:\program files\Bonjour
2008-11-28 00:11 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-24 05:11 163,644 ----a-w c:\windows\system32\drivers\SECDRV.SYS
2008-11-24 04:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 03:59 --------- d-----w c:\program files\Koei
2008-11-24 03:48 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-24 03:17 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-24 03:17 --------- d-----w c:\documents and settings\Brother1\Application Data\DAEMON Tools
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 16:57 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
2008-09-17 23:46 0 ----a-w c:\documents and settings\Brother1\jagex_runescape_preferences.dat
2004-10-03 22:07 13,195 -c--a-w c:\documents and settings\Guest\zguicfgw.dat
.

------- Sigcheck -------

2002-08-29 02:00 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-03 23:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 16:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2009-01-05 22:39 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\SYSTEM32\userinit.exe
2009-01-05 22:39 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\SYSTEM32\DLLCACHE\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-06-30 95344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [2009-01-09 2756096]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 09:51 24638 c:\windows\SYSTEM32\PCANotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\All Users\\Documents\\LimeWire.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\DigiNet_Center\\EmergencyMonitor.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\MediaWings\\MediaWings.exe"=
"c:\\WINDOWS\\SYSTEM32\\fscagent.exe"=
"c:\\WINDOWS\\SYSTEM32\\pdbox28.exe"=
"c:\\Program Files\\????\\FHC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R3 RT80x86;TEW-623PI Wireless N PCI Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2860.sys [2009-01-09 537216]
R4 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [2009-01-09 530432]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\SYSTEM32\DRIVERS\ODWGU.sys [2007-09-20 408064]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\SYSTEM32\DRIVERS\netusbxp.sys [2004-06-20 72576]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2500usb.sys [2006-05-04 79616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc03e32-aabe-11dc-a830-000f1f4c83e9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-01-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 15:38]

2009-01-10 c:\windows\Tasks\vapzhvwd.job
- c:\windows\system32\rundll32.exe [2004-08-03 23:56]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cornerstonetv.com/
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\CyImage2.dll - O16 -: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9}
hxxp://cyimg4.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
c:\windows\Downloaded Program Files\CyImage2.inf

c:\windows\Downloaded Program Files\tpwin.ocx - O16 -: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}
hxxp://www.cgntv.net/ActiveX/AlwaysOn.CAB

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\PDUpdate.ocx
O16 -: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}
hxxp://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
c:\windows\Downloaded Program Files\PDUpdate.inf

c:\windows\Downloaded Program Files\hnwactiv.ocx - O16 -: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34}
hxxp://intranet.korea.ac.kr:8001/allgenactive/hnwactiv_3_3_0_3.cab
c:\windows\Downloaded Program Files\hnwactiv.inf

c:\windows\Downloaded Program Files\Test_ocxProj1.ocx - O16 -: {3D958885-457A-44ED-B2B9-32C827917A30}
hxxp://dev.cornerstonetv.com/Test_ocxProj1.cab

c:\windows\system32\TurboIS.ocx - O16 -: {4DED8BE6-C27E-40D2-9BD0-24BE513B4E6F}
hxxp://cdn.naver.com/naver/tms/turbois.cab
c:\windows\Downloaded Program Files\turbois.inf

c:\windows\System32\TurboIS9.ocx - O16 -: {784B0583-ABC1-4D3B-9564-357AA32D007C}
hxxp://cdn.naver.com/naver/tms/dy/turbois9.cab
c:\windows\Downloaded Program Files\turbois9.inf

O16 -: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://portal.korea.ac.kr/XecureObject/xw_install.cab
c:\windows\Downloaded Program Files\xw_install.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\picn5020.ssm
c:\windows\system32\picn1820.ssm
c:\windows\system32\picn1220.ssm
c:\windows\system32\picn20.dll
c:\windows\system32\tools.dll
c:\windows\system32\kdbbase.dll
c:\windows\system32\kcodec.dll
c:\windows\system32\imgpro.dll
c:\windows\system32\webdiginet.ocx
O16 -: {9E265649-6E0E-4EEA-9F49-DAE0801440CF}
hxxp://66.14.42.152/WebDiginet.CAB
c:\windows\Downloaded Program Files\Webdiginet.inf

c:\windows\system32\DacomUpload.ocx - O16 -: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C}
hxxp://program.webhard.co.kr/Plus/active_upload/DacomUpload.cab
c:\windows\Downloaded Program Files\DacomUpload.inf

c:\windows\system32\DacomDownload.ocx - O16 -: {E2A96175-32D0-4651-B228-B474C2408346}
hxxp://program.webhard.co.kr/Plus/active_download/DacomDownload.cab
c:\windows\Downloaded Program Files\DacomDownload.inf

O16 -: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} - hxxp://idisk.korea.ac.kr/app/IdiskUpdate.cab
c:\windows\Downloaded Program Files\IdiskLauncher.inf
FF - ProfilePath - c:\documents and settings\Brother1\Application Data\Mozilla\Firefox\Profiles\lfi8651s.default\
FF - plugin: c:\documents and settings\Brother1\Application Data\Mozilla\Firefox\Profiles\lfi8651s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 09:35:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2866059343-37140609-2491174671-1007\Software\Microsoft\MessengerService\GroupStateCacheU\[*NULL*;*NULL*0$="0d'*NULL*0\*NULL*0:&*NULL*0=]*NULL*]
"Name"=hex:5b,00,3b,ff,00,30,9c,03,d8,24,3d,22,01,30,64,27,00,30,5c,ff,00,30,
3a,26,00,30,3d,ff,5d,00,00,00
"Collapsed"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\L*NULL*i*NULL*n*NULL*k*NULL*S*NULL*a*NULL*n*NULL*1*NULL*1*NULL*R*NULL*e*NULL*s*NULL*.*NULL*A*NULL*v*NULL*`P*NULL**NULL*[*NULL*V*NULL*!  \CLSID]
@="{8C306064-52F3-4724-A485-3C44005E7ACA}"
.
Completion time: 2009-01-10 9:38:01
ComboFix-quarantined-files.txt 2009-01-10 17:37:34

Pre-Run: 10,115,026,944 bytes free
Post-Run: 10,121,523,200 bytes free

263 --- E O F --- 2008-12-18 14:06:59

#6 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:06:57 AM

Posted 12 January 2009 - 05:37 AM

Hi,

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\windows\SYSTEM32\pcload.exe
c:\windows\ozifitizoyiziyem.dll
c:\windows\Uzukadikujikapa.dll
c:\windows\SYSTEM32\k9261108.exe
c:\windows\SYSTEM32\pcload.exe
c:\windows\ozifitizoyiziyem.dll
c:\windows\Uzukadikujikapa.dll
c:\windows\SYSTEM32\k9261108.exe
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post it along with a new HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 askj123

askj123
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 12 January 2009 - 10:42 PM

Thank you for helping me...hopefully this is everything...

ComboFix 09-01-08.05 - Brother1 2009-01-12 19:19:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.270 [GMT -8:00]
Running from: c:\documents and settings\Brother1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brother1\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\ozifitizoyiziyem.dll
c:\windows\SYSTEM32\k9261108.exe
c:\windows\SYSTEM32\pcload.exe
c:\windows\Uzukadikujikapa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ozifitizoyiziyem.dll
c:\windows\SYSTEM32\k9261108.exe
c:\windows\SYSTEM32\pcload.exe
c:\windows\system32\win32hlp.cnf
c:\windows\Uzukadikujikapa.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe


.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-10 13:13 . 2009-01-11 08:06 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 13:13 . 2009-01-11 08:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 09:44 . 2009-01-10 09:44 <DIR> d-------- c:\program files\Bazooka Scanner
2009-01-09 05:59 . 2009-01-09 05:59 250 --a------ c:\windows\gmer.ini
2009-01-09 05:36 . 2006-06-20 22:53 319,488 --a------ c:\windows\SYSTEM32\AegisI5.exe
2009-01-09 05:36 . 2009-01-09 05:36 21,419 --a------ c:\windows\SYSTEM32\DRIVERS\AegisP.sys
2009-01-09 05:35 . 2009-01-09 05:35 <DIR> d-------- c:\program files\TRENDnet
2009-01-09 05:32 . 2007-07-27 23:48 537,216 -ra------ c:\windows\SYSTEM32\DRIVERS\rt2860.sys
2009-01-08 21:06 . 2009-01-08 21:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-08 20:17 . 2009-01-08 20:18 <DIR> d-------- C:\rsit
2009-01-07 20:26 . 2009-01-07 20:26 <DIR> d-------- c:\program files\CleanUp!
2009-01-07 20:23 . 2009-01-07 20:23 <DIR> d-------- C:\!KillBox
2009-01-07 19:58 . 2009-01-07 19:58 <DIR> d-------- C:\VundoFix Backups
2009-01-07 19:26 . 2009-01-07 19:27 <DIR> d-------- c:\windows\ERUNT
2009-01-07 19:25 . 2009-01-07 19:56 <DIR> d-------- C:\SDFix
2009-01-06 05:49 . 2009-01-06 05:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 05:49 . 2009-01-08 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 05:39 . 2009-01-06 05:39 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 21:41 . 2009-01-05 21:40 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
2009-01-05 21:40 . 2009-01-05 22:03 <DIR> d-------- c:\documents and settings\Brother1\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 03:26 --------- d-----w c:\program files\Microsoft AntiSpyware
2009-01-09 13:35 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-09 05:50 --------- d-----w c:\program files\Lavasoft
2009-01-08 04:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-08 04:27 --------- d-----w c:\documents and settings\Brother1\Application Data\FrostWire
2009-01-06 13:50 --------- d-----w c:\documents and settings\Brother1\Application Data\Lavasoft
2009-01-02 23:18 --------- d-----w c:\documents and settings\Brother1\Application Data\mIRC
2009-01-02 20:59 --------- d-----w c:\program files\mIRC
2008-12-23 05:48 --------- d-----w c:\program files\Illusion
2008-12-01 05:23 --------- d-----w c:\documents and settings\Brother1\Application Data\Move Networks
2008-11-28 05:40 --------- d-----w c:\program files\Bonjour
2008-11-28 00:11 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-24 05:11 163,644 ----a-w c:\windows\system32\drivers\SECDRV.SYS
2008-11-24 04:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 03:59 --------- d-----w c:\program files\Koei
2008-11-24 03:48 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-24 03:17 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-24 03:17 --------- d-----w c:\documents and settings\Brother1\Application Data\DAEMON Tools
2008-09-17 23:46 0 ----a-w c:\documents and settings\Brother1\jagex_runescape_preferences.dat
2004-10-03 22:07 13,195 -c--a-w c:\documents and settings\Guest\zguicfgw.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-10_ 9.35.56.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 06:39:06 111,616 ----a-w c:\windows\SYSTEM32\DLLCACHE\userinit.exe
+ 2004-08-04 07:56:57 24,576 ----a-w c:\windows\SYSTEM32\DLLCACHE\userinit.exe
- 2009-01-06 06:39:06 111,616 ----a-w c:\windows\SYSTEM32\userinit.exe
+ 2004-08-04 07:56:57 24,576 ----a-w c:\windows\SYSTEM32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-06-30 95344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [2009-01-09 2756096]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 09:51 24638 c:\windows\SYSTEM32\PCANotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\All Users\\Documents\\LimeWire.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\DigiNet_Center\\EmergencyMonitor.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\MediaWings\\MediaWings.exe"=
"c:\\WINDOWS\\SYSTEM32\\fscagent.exe"=
"c:\\WINDOWS\\SYSTEM32\\pdbox28.exe"=
"c:\\Program Files\\????\\FHC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R3 RT80x86;TEW-623PI Wireless N PCI Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2860.sys [2009-01-09 537216]
R4 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [2009-01-09 530432]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\SYSTEM32\DRIVERS\ODWGU.sys [2007-09-20 408064]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\SYSTEM32\DRIVERS\netusbxp.sys [2004-06-20 72576]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2500usb.sys [2006-05-04 79616]

--- Other Services/Drivers In Memory ---

*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc03e32-aabe-11dc-a830-000f1f4c83e9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-01-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 15:38]

2009-01-13 c:\windows\Tasks\vapzhvwd.job
- c:\windows\system32\rundll32.exe [2004-08-03 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cornerstonetv.com/
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\CyImage2.dll - O16 -: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9}
hxxp://cyimg4.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
c:\windows\Downloaded Program Files\CyImage2.inf

c:\windows\Downloaded Program Files\tpwin.ocx - O16 -: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}
hxxp://www.cgntv.net/ActiveX/AlwaysOn.CAB

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\PDUpdate.ocx
O16 -: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}
hxxp://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
c:\windows\Downloaded Program Files\PDUpdate.inf

c:\windows\Downloaded Program Files\hnwactiv.ocx - O16 -: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34}
hxxp://intranet.korea.ac.kr:8001/allgenactive/hnwactiv_3_3_0_3.cab
c:\windows\Downloaded Program Files\hnwactiv.inf

c:\windows\Downloaded Program Files\Test_ocxProj1.ocx - O16 -: {3D958885-457A-44ED-B2B9-32C827917A30}
hxxp://dev.cornerstonetv.com/Test_ocxProj1.cab

c:\windows\system32\TurboIS.ocx - O16 -: {4DED8BE6-C27E-40D2-9BD0-24BE513B4E6F}
hxxp://cdn.naver.com/naver/tms/turbois.cab
c:\windows\Downloaded Program Files\turbois.inf

c:\windows\System32\TurboIS9.ocx - O16 -: {784B0583-ABC1-4D3B-9564-357AA32D007C}
hxxp://cdn.naver.com/naver/tms/dy/turbois9.cab
c:\windows\Downloaded Program Files\turbois9.inf

O16 -: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://portal.korea.ac.kr/XecureObject/xw_install.cab
c:\windows\Downloaded Program Files\xw_install.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\picn5020.ssm
c:\windows\system32\picn1820.ssm
c:\windows\system32\picn1220.ssm
c:\windows\system32\picn20.dll
c:\windows\system32\tools.dll
c:\windows\system32\kdbbase.dll
c:\windows\system32\kcodec.dll
c:\windows\system32\imgpro.dll
c:\windows\system32\webdiginet.ocx
O16 -: {9E265649-6E0E-4EEA-9F49-DAE0801440CF}
hxxp://66.14.42.152/WebDiginet.CAB
c:\windows\Downloaded Program Files\Webdiginet.inf

c:\windows\system32\DacomUpload.ocx - O16 -: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C}
hxxp://program.webhard.co.kr/Plus/active_upload/DacomUpload.cab
c:\windows\Downloaded Program Files\DacomUpload.inf

c:\windows\system32\DacomDownload.ocx - O16 -: {E2A96175-32D0-4651-B228-B474C2408346}
hxxp://program.webhard.co.kr/Plus/active_download/DacomDownload.cab
c:\windows\Downloaded Program Files\DacomDownload.inf

O16 -: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} - hxxp://idisk.korea.ac.kr/app/IdiskUpdate.cab
c:\windows\Downloaded Program Files\IdiskLauncher.inf
FF - ProfilePath - c:\documents and settings\Brother1\Application Data\Mozilla\Firefox\Profiles\lfi8651s.default\
FF - plugin: c:\documents and settings\Brother1\Application Data\Mozilla\Firefox\Profiles\lfi8651s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 19:26:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2866059343-37140609-2491174671-1007\Software\Microsoft\MessengerService\GroupStateCacheU\[*NULL*;*NULL*0$="0d'*NULL*0\*NULL*0:&*NULL*0=]*NULL*]
"Name"=hex:5b,00,3b,ff,00,30,9c,03,d8,24,3d,22,01,30,64,27,00,30,5c,ff,00,30,
3a,26,00,30,3d,ff,5d,00,00,00
"Collapsed"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\L*NULL*i*NULL*n*NULL*k*NULL*S*NULL*a*NULL*n*NULL*1*NULL*1*NULL*R*NULL*e*NULL*s*NULL*.*NULL*A*NULL*v*NULL*`P*NULL**NULL*[*NULL*V*NULL*!  \CLSID]
@="{8C306064-52F3-4724-A485-3C44005E7ACA}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\dwwin.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-12 19:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 03:32:12
ComboFix2.txt 2009-01-10 17:38:03

Pre-Run: 9,946,251,264 bytes free
Post-Run: 9,931,063,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

270 --- E O F --- 2008-12-18 14:06:59


And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:32 PM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cornerstonetv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TEW-623PI Wireless Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg4.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.cgntv.net/ActiveX/AlwaysOn.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://intranet.korea.ac.kr:8001/allgenact...tiv_3_3_0_3.cab
O16 - DPF: {3D958885-457A-44ED-B2B9-32C827917A30} (Test_ocx Control) - http://dev.cornerstonetv.com/Test_ocxProj1.cab
O16 - DPF: {4DED8BE6-C27E-40D2-9BD0-24BE513B4E6F} - http://cdn.naver.com/naver/tms/turbois.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://portal.korea.ac.kr/XecureObject/xw_install.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://66.14.42.152/WebDiginet.CAB
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_u...DacomUpload.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_d...comDownload.cab
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://idisk.korea.ac.kr/app/IdiskUpdate.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 9810 bytes
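Added example, not part of this thread or of HijackThis itself: a small parser for HijackThis log lines that applies the first checks a helper runs over a log like the one above, fed with a constructed sample built from a few of the lines posted.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://66.14.42.152/WebDiginet.CAB
O23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    notes: list  # triage remarks attached by triage(); empty means nothing stood out


def parse_hjt(text):
    """Split a HijackThis log into (section, body) entries; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], []))
    return entries


def triage(entries):
    """Return only the entries a helper would want to look at first, with a note on why."""
    for e in entries:
        if "(no file)" in e.body:
            e.notes.append("references a missing file (orphaned entry, safe to clean up)")
        if e.section == "O16":  # Downloaded Program Files (ActiveX controls)
            url = e.body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            try:
                ip_address(host)  # raises ValueError for a normal hostname
                e.notes.append("ActiveX control downloaded from a bare IP address; verify the source")
            except ValueError:
                pass
        if e.section == "O23" and "Unknown owner" in e.body:
            e.notes.append("service with no publisher recorded; confirm which product installed it")
    return [e for e in entries if e.notes]
```

Entries without a note are not declared clean by this; they simply match none of the three checks, which is exactly the point where a human helper takes over.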

#8 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:06:57 AM

Posted 13 January 2009 - 05:17 AM

Good job, your logs are clean :thumbsup:

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Here are some additional recommendations that will enhance your safety
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Glad I was able to help and please let me know if you still need assistance.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 askj123

askj123
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 13 January 2009 - 09:36 PM

Thanks for all your help :thumbsup:

#10 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:06:57 AM

Posted 14 January 2009 - 04:49 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
