Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

There might be a virus or two in my computer


  • This topic is locked This topic is locked
14 replies to this topic

#1 iwalkalone

iwalkalone

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 09 January 2009 - 01:45 AM

I am not sure if there is any virus or trojan in my computer because when i run MBAM sometimes they will detect trojans, sometimes they won't. I got a hijackthis log and a dds log that i hope someone will be able to tell me if theres any problem in my computer.

Some additional information that you might want to know, i cannot run internet explorer from the desktop. It says Windows cannot find 'C:\Program Files\Internet Explorer\iexplore.exe' Make sure you typed the name correctly and then try again.

I understand that not being able to run internet explorer could be because of ther problems but i would like to make sure that my computer is virus free first since a virus could be a reason why my internet is not working.

My DDS log

DDS (Ver_09-01-07.01) - NTFSx86
Run by tom at 14:26:22.82 on 01/09/2009 Fri
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1022.569 [GMT 8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tom\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.finance.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
uInternet Settings,ProxyOverride = 192.168.1.254
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [c:\windows\system32\kddyw.exe] c:\windows\system32\kddyw.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\bofscsss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - component: c:\documents and settings\tom\application data\mozilla\firefox\profiles\bofscsss.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\tom\application data\mozilla\firefox\profiles\bofscsss.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090108.007\NAVENG.SYS [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090108.007\NAVEX15.SYS [2009-1-9 876112]
R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [2006-11-1 118327]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2005-8-16 55808]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2005-8-16 55808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-20 31592]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 Winjq06;Winjq06;\??\c:\windows\system32\drivers\winjq06.sys --> c:\windows\system32\drivers\Winjq06.sys [?]
S3 Winmu63;Winmu63;\??\c:\windows\system32\drivers\winmu63.sys --> c:\windows\system32\drivers\Winmu63.sys [?]
S3 XDva034;XDva034;\??\c:\windows\system32\xdva034.sys --> c:\windows\system32\XDva034.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva038;XDva038;\??\c:\windows\system32\xdva038.sys --> c:\windows\system32\XDva038.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\xdva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva042;XDva042;\??\c:\windows\system32\xdva042.sys --> c:\windows\system32\XDva042.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\xdva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva110;XDva110;\??\c:\windows\system32\xdva110.sys --> c:\windows\system32\XDva110.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva132;XDva132;\??\c:\windows\system32\xdva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva152;XDva152;\??\c:\windows\system32\xdva152.sys --> c:\windows\system32\XDva152.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\xdva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

=============== Created Last 30 ================

2009-01-09 14:19 960 a------- c:\windows\Active Setup Log.BAK
2009-01-05 19:05 1,128,960 a--sh--- C:\ehthumbs.db
2009-01-04 07:54 <DIR> --d----- c:\program files\WoC Launcher
2009-01-01 15:35 <DIR> --d----- c:\program files\World of Warcraft
2009-01-01 10:37 176,128 a------- c:\windows\system32\el98840.dll
2009-01-01 08:59 <DIR> --d----- c:\program files\NOMBZ Night of a Million Billion Zombies
2009-01-01 08:59 176,128 a------- c:\windows\system32\xwr36262.dll
2009-01-01 08:59 176,128 a------- c:\windows\system32\wr36262.dll
2009-01-01 08:59 89,777,067 a------- c:\windows\system32\xa37913640.exe
2009-01-01 08:59 89,777,067 a------- c:\windows\system32\xa37911140.exe
2008-12-31 14:52 <DIR> --d----- c:\program files\Enlight
2008-12-25 22:43 <DIR> --d----- c:\program files\dominions2demo
2008-12-25 19:52 <DIR> --d----- c:\program files\Team17
2008-12-23 19:06 <DIR> --d----- c:\program files\EcoleSoftware
2008-12-21 07:58 <DIR> --d----- C:\Nexon
2008-12-20 00:40 <DIR> --d----- c:\windows\SQLTools9_KB954606_ENU
2008-12-20 00:38 <DIR> --d----- c:\windows\SQL9_KB954606_ENU
2008-12-19 08:19 <DIR> --d----- c:\program files\Microsoft Small Business
2008-12-19 08:12 <DIR> --d----- c:\program files\MSXML 6.0
2008-12-19 08:08 <DIR> --d----- c:\program files\Microsoft SQL Server
2008-12-19 07:41 <DIR> --d----- c:\windows\SHELLNEW
2008-12-17 16:02 50 a------- c:\windows\MegaManager.INI
2008-12-17 15:55 <DIR> --d----- c:\docume~1\tom\applic~1\Megaupload
2008-12-17 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Megaupload
2008-12-17 15:54 <DIR> --d----- c:\docume~1\tom\applic~1\EmailNotifier
2008-12-17 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EmailNotifier
2008-12-17 08:37 <DIR> --d----- c:\program files\id Software
2008-12-13 15:55 <DIR> --d----- c:\program files\Astonia35
2008-12-12 19:39 <DIR> --d----- c:\windows\Logs
2008-12-11 07:22 1,071,243,792 a------- C:\MSSetupv62N.exe
2008-12-11 07:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2008-12-11 07:21 <DIR> --d----- c:\program files\Pando Networks
2008-12-10 19:48 92,208 a------- c:\windows\system32\WING.DLL
2008-12-10 19:48 12,800 a------- c:\windows\system\WING32.DLL

==================== Find3M ====================

2009-01-06 14:15 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 14:15 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 14:15 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 14:15 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-13 01:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-23 09:51 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-06 17:22 94,208 a------- c:\windows\ScUnin.exe
2008-11-06 17:22 35,190 a------- c:\windows\scunin.dat
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-24 19:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 20:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 20:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 09:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-16 09:00 666,112 a------- c:\windows\system32\dllcache\wininet.dll
2008-10-16 09:00 619,520 a------- c:\windows\system32\dllcache\urlmon.dll
2008-10-16 09:00 176,128 a------- c:\windows\system32\qnkfqvs.dll
2008-10-16 09:00 176,128 a------- c:\windows\system32\monhftd.dll
2008-10-16 09:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-16 00:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-09-28 12:04 24 a------- c:\documents and settings\tom\jagex_runescape_preferences.dat
2007-03-26 06:01 251 a------- c:\program files\wt3d.ini
2006-11-03 12:48 0 a------- c:\docume~1\tom\applic~1\wklnhst.dat
2008-07-28 17:57 386,933 a--sh--- c:\windows\system32\jjlnoUtv.ini2

============= FINISH: 14:27:45.18 ===============

My Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:56 PM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddyw.exe] C:\WINDOWS\system32\kddyw.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11094 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 14 January 2009 - 03:54 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 14 January 2009 - 09:48 AM

The MBAM log

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP437\A0338501.sys (Trojan.Downloader) -> Quarantined and deleted successfully.


The log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by tom at 2009-01-14 20:32:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (6%) free of 110 GB
Total RAM: 1022 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:46 PM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tom\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tom.exe

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddyw.exe] C:\WINDOWS\system32\kddyw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-17 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-17 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-17 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-17 251504]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-17 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"nwiz"=nwiz.exe /install []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-04-16 985440]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"C:\WINDOWS\system32\kddyw.exe"=C:\WINDOWS\system32\kddyw.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-17 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winai75.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjq06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winow53.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpx86.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvj70.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winai75.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjq06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winmu63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winow53.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpx86.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvj70.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\WIZET\MapleStory\MapleStory.exe"="C:\Program Files\WIZET\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\WIZET\MapleStory\NewPatcher.exe"="C:\Program Files\WIZET\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\WIZET\MapleStory\Patcher.exe"="C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\Infogrames Interactive\Majesty - Gold Edition\Majesty\Majesty.exe"="C:\Program Files\Infogrames Interactive\Majesty - Gold Edition\Majesty\Majesty.exe:*:Enabled:Majesty"
"C:\Program Files\Steam\SteamApps\geraldmaoweijian\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\geraldmaoweijian\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\EA SPORTS\2006 FIFA World Cup ™\FIFAWC06.exe"="C:\Program Files\EA SPORTS\2006 FIFA World Cup ™\FIFAWC06.exe:*:Enabled:FIFAWC06"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin"="C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Disabled:Steam"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"E:\STHIW\stInstall.exe"="E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\Program Files\Softnyx\GunboundWC\GunBound.gme"="C:\Program Files\Softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Documents and Settings\tom\Desktop\Do Not Disturb\Battlecry III.exe"="C:\Documents and Settings\tom\Desktop\Do Not Disturb\Battlecry III.exe:*:Enabled:Warlords Battlecry III"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe"="C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"C:\Documents and Settings\tom\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\tom\Desktop\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e11bae-9edf-11dc-90a1-001372399e99}]
shell\Auto\command - F:\Recycler.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycler.exe


======List of files/folders created in the last 3 months======

2009-01-14 20:32:59 ----D---- C:\rsit
2009-01-14 18:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 11:23:53 ----D---- C:\Program Files\Atari
2009-01-09 14:19:19 ----A---- C:\WINDOWS\Active Setup Log.txt
2009-01-09 14:19:19 ----A---- C:\WINDOWS\Active Setup Log.BAK
2009-01-04 07:54:29 ----D---- C:\Program Files\WoC Launcher
2009-01-01 15:35:56 ----D---- C:\Program Files\World of Warcraft
2009-01-01 10:37:08 ----A---- C:\WINDOWS\system32\el98840.dll
2009-01-01 08:59:44 ----D---- C:\Program Files\NOMBZ Night of a Million Billion Zombies
2009-01-01 08:59:38 ----A---- C:\WINDOWS\system32\xwr36262.dll
2009-01-01 08:59:38 ----A---- C:\WINDOWS\system32\wr36262.dll
2009-01-01 08:59:34 ----A---- C:\WINDOWS\system32\xa37913640.exe
2009-01-01 08:59:32 ----A---- C:\WINDOWS\system32\xa37911140.exe
2008-12-31 14:52:55 ----D---- C:\Program Files\Enlight
2008-12-25 22:43:14 ----D---- C:\Program Files\dominions2demo
2008-12-25 19:52:54 ----D---- C:\Program Files\Team17
2008-12-23 19:06:06 ----D---- C:\Program Files\EcoleSoftware
2008-12-21 07:58:25 ----D---- C:\Nexon
2008-12-20 00:40:47 ----D---- C:\WINDOWS\SQLTools9_KB954606_ENU
2008-12-20 00:38:09 ----D---- C:\WINDOWS\SQL9_KB954606_ENU
2008-12-19 08:19:02 ----D---- C:\Program Files\Microsoft Small Business
2008-12-19 08:12:24 ----D---- C:\Program Files\MSXML 6.0
2008-12-19 08:08:09 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-19 07:46:47 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-19 07:46:47 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-19 07:45:45 ----D---- C:\Program Files\Microsoft.NET
2008-12-19 07:41:55 ----D---- C:\WINDOWS\SHELLNEW
2008-12-19 07:39:13 ----RHD---- C:\MSOCache
2008-12-18 06:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-17 16:02:42 ----A---- C:\WINDOWS\MegaManager.INI
2008-12-17 15:55:27 ----D---- C:\Documents and Settings\tom\Application Data\Megaupload
2008-12-17 15:54:18 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-12-17 15:54:17 ----D---- C:\Documents and Settings\tom\Application Data\EmailNotifier
2008-12-17 15:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-12-17 08:37:34 ----D---- C:\Program Files\id Software
2008-12-13 15:55:28 ----D---- C:\Program Files\Astonia35
2008-12-12 19:41:13 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-12 19:41:13 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-12 19:41:13 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-12 19:41:12 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-12 19:41:12 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-12 19:41:12 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-12 19:41:11 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-12 19:41:11 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-12 19:41:11 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-12 19:41:10 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-12 19:41:10 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-12 19:41:10 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-12 19:41:09 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-12 19:41:09 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-12 19:41:09 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-12 19:41:08 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-12 19:41:08 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-12 19:41:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-12 19:41:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-12 19:41:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-12 19:41:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-12 19:41:05 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-12 19:41:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-12 19:41:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-12 19:41:04 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-12 19:41:04 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-12 19:41:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-12 19:41:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-12 19:41:01 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-12 19:39:56 ----D---- C:\WINDOWS\Logs
2008-12-11 23:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 23:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:40:35 ----D---- C:\Program Files\Microsoft Office
2008-12-11 23:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:39:38 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 07:22:37 ----A---- C:\MSSetupv62N.exe
2008-12-11 07:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2008-12-11 07:21:10 ----D---- C:\Program Files\Pando Networks
2008-12-10 22:41:07 ----A---- C:\WINDOWS\ie4 error log.txt
2008-12-10 19:48:45 ----A---- C:\WINDOWS\system32\WING.DLL
2008-12-06 00:49:09 ----D---- C:\Program Files\Mobius
2008-11-25 14:20:02 ----D---- C:\Documents and Settings\tom\Application Data\Malwarebytes
2008-11-25 14:19:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-25 14:19:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 11:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-22 08:34:34 ----D---- C:\Program Files\Virtual Villagers The Secret City
2008-11-20 13:33:14 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-13 06:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 06:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 06:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 19:46:25 ----D---- C:\GAME
2008-11-09 21:00:47 ----D---- C:\Program Files\Garena
2008-11-09 21:00:07 ----D---- C:\Documents and Settings\tom\Application Data\Hamachi
2008-11-06 17:21:09 ----A---- C:\WINDOWS\ScUnin.exe
2008-11-06 17:20:01 ----D---- C:\Program Files\Starcraft
2008-10-30 16:42:01 ----D---- C:\Documents and Settings\tom\Application Data\Sports Interactive
2008-10-30 16:29:48 ----D---- C:\Program Files\Sports Interactive
2008-10-27 12:18:07 ----D---- C:\Program Files\eMule
2008-10-24 06:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 23:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 23:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 23:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 23:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 23:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 23:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-16 09:00:11 ----A---- C:\WINDOWS\system32\qnkfqvs.dll
2008-10-16 09:00:11 ----A---- C:\WINDOWS\system32\monhftd.dll

======List of files/folders modified in the last 3 months======

2009-01-14 20:33:09 ----D---- C:\WINDOWS\Prefetch
2009-01-14 20:31:32 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 20:24:17 ----D---- C:\WINDOWS\Temp
2009-01-14 20:05:22 ----D---- C:\WINDOWS\Registration
2009-01-14 20:04:45 ----D---- C:\WINDOWS
2009-01-14 18:57:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 18:56:37 ----SHD---- C:\WINDOWS\Installer
2009-01-14 18:56:37 ----HD---- C:\Config.Msi
2009-01-14 18:56:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-14 18:56:01 ----HD---- C:\WINDOWS\inf
2009-01-14 18:55:56 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 18:55:56 ----D---- C:\WINDOWS\system32\dllcache
2009-01-14 18:55:55 ----D---- C:\WINDOWS\system32
2009-01-14 18:55:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 15:28:33 ----D---- C:\Documents and Settings\tom\Application Data\BitTorrent
2009-01-14 10:32:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 15:43:25 ----D---- C:\Documents and Settings\tom\Application Data\Mozilla
2009-01-13 11:23:53 ----D---- C:\Program Files
2009-01-13 11:23:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-12 02:46:54 ----D---- C:\WINDOWS\Help
2009-01-10 14:05:37 ----D---- C:\WINDOWS\system32\en-US
2009-01-10 14:05:37 ----D---- C:\Program Files\Internet Explorer
2009-01-10 14:02:55 ----D---- C:\WINDOWS\WBEM
2009-01-10 14:02:54 ----D---- C:\WINDOWS\Media
2009-01-10 13:44:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-10 09:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 16:48:13 ----D---- C:\WINDOWS\network diagnostic
2009-01-08 23:01:34 ----D---- C:\Documents and Settings\tom\Application Data\Any Video Converter
2009-01-07 22:58:39 ----D---- C:\Program Files\msn
2009-01-06 14:15:05 ----D---- C:\Program Files\Symantec
2009-01-06 14:15:03 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-01-05 19:06:19 ----D---- C:\games
2009-01-05 19:06:12 ----D---- C:\Documents and Settings
2009-01-05 19:06:08 ----D---- C:\dell
2009-01-05 19:06:03 ----D---- C:\Downloads
2009-01-05 14:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-04 20:41:46 ----D---- C:\WINDOWS\Minidump
2009-01-02 14:36:59 ----A---- C:\AILog.txt
2009-01-01 17:07:15 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-01-01 09:05:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-01 09:05:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-01 09:04:39 ----D---- C:\WINDOWS\system32\AGEIA
2009-01-01 09:04:39 ----D---- C:\Program Files\AGEIA Technologies
2009-01-01 09:00:51 ----D---- C:\WINDOWS\system32\DirectX
2009-01-01 09:00:00 ----RSD---- C:\WINDOWS\Fonts
2008-12-31 22:50:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-27 18:47:30 ----D---- C:\Program Files\EA SPORTS
2008-12-27 15:45:59 ----D---- C:\Program Files\GameShadow
2008-12-24 15:53:53 ----D---- C:\Program Files\Veoh Networks
2008-12-23 21:38:16 ----D---- C:\WINDOWS\A3W_DATA
2008-12-23 21:36:41 ----AC---- C:\WINDOWS\civ.ini
2008-12-20 18:24:44 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-12-20 00:54:55 ----RSD---- C:\WINDOWS\assembly
2008-12-20 00:52:01 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-20 00:45:47 ----A---- C:\WINDOWS\win.ini
2008-12-20 00:43:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 00:39:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-19 09:45:03 ----D---- C:\Documents and Settings\tom\Application Data\GetRightToGo
2008-12-19 08:25:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-19 08:25:18 ----D---- C:\WINDOWS\WinSxS
2008-12-19 08:19:40 ----SD---- C:\Documents and Settings\tom\Application Data\Microsoft
2008-12-19 07:47:19 ----D---- C:\Program Files\Microsoft Works
2008-12-19 07:46:47 ----D---- C:\Program Files\Common Files
2008-12-17 22:14:04 ----D---- C:\Program Files\Google
2008-12-17 22:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-17 11:27:44 ----D---- C:\Program Files\Dominions
2008-12-14 00:30:47 ----D---- C:\Program Files\RGB
2008-12-13 01:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 19:40:52 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-11 23:42:15 ----A---- C:\WINDOWS\system32\MRT.INI
2008-12-11 23:40:48 ----D---- C:\WINDOWS\Debug
2008-12-10 19:50:10 ----D---- C:\Program Files\dominions3demo
2008-12-10 19:48:45 ----D---- C:\WINDOWS\system
2008-11-30 20:19:23 ----HD---- C:\Documents and Settings\tom\Application Data\ijjigame
2008-11-28 12:45:18 ----D---- C:\Program Files\SEGA
2008-11-25 14:16:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-23 21:41:27 ----D---- C:\Documents and Settings\tom\Application Data\DNA
2008-11-23 21:31:26 ----D---- C:\Program Files\DNA
2008-11-20 10:05:12 ----D---- C:\Program Files\Softnyx
2008-11-18 18:32:59 ----D---- C:\Program Files\Geneforge 3
2008-10-30 16:27:11 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-23 20:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 18:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 09:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 09:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 09:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-16 00:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-10 12160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R2 Atmuni;ATM Call Manager; C:\WINDOWS\system32\DRIVERS\atmuni.sys [2004-08-10 352256]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2006-11-10 15781]
R2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys []
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-01-12 13312]
R2 Rawwan;RAW WAN Driver; C:\WINDOWS\system32\DRIVERS\rawwan.sys [2004-08-10 34432]
R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090113.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090113.024\NAVEX15.SYS []
R3 npkcusb;npkcusb; \??\C:\Program Files\WIZET\MapleStory\npkcusb.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090102.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-10 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 AmeAtmPc;AmeAtmPc; C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-10-28 118327]
S3 AtmElan;ATM Emulated LAN; C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-14 55808]
S3 AtmLane;ATM LAN Emulation; C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-14 55808]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-10 17480]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 Winjq06;Winjq06; \??\C:\WINDOWS\System32\drivers\Winjq06.sys []
S3 Winmu63;Winmu63; \??\C:\WINDOWS\System32\drivers\Winmu63.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 XDva034;XDva034; \??\C:\WINDOWS\system32\XDva034.sys []
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva038;XDva038; \??\C:\WINDOWS\system32\XDva038.sys []
S3 XDva039;XDva039; \??\C:\WINDOWS\system32\XDva039.sys []
S3 XDva042;XDva042; \??\C:\WINDOWS\system32\XDva042.sys []
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S3 XDva110;XDva110; \??\C:\WINDOWS\system32\XDva110.sys []
S3 XDva121;XDva121; \??\C:\WINDOWS\system32\XDva121.sys []
S3 XDva132;XDva132; \??\C:\WINDOWS\system32\XDva132.sys []
S3 XDva152;XDva152; \??\C:\WINDOWS\system32\XDva152.sys []
S3 XDva170;XDva170; \??\C:\WINDOWS\system32\XDva170.sys []
S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys []
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-26 1251720]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-13 49248]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 137200]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------


The info.txt

info.txt logfile of random's system information tool 1.05 2009-01-14 20:35:24

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acclaim Game Launcher Plugin-->C:\WINDOWS\system32\AcclaimGames\GameLauncher\acclaimuninstall.exe /Uninstall activex
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Any Video Converter 2.6.3-->"C:\Program Files\Any Video Converter\unins000.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Astonia35-->"C:\Program Files\Astonia35\uninstall.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avernum 5-->MsiExec.exe /X{47273CEF-C70E-40E9-80DE-FA9BE55AD1BB}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP2000-->C:\WINDOWS\system32\CNMCP66.exe "-PRINTERNAMECanon PIXMA iP2000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Civ3MultiTool-->"C:\Program Files\C3MT\unins000.exe"
Civilization III - Play the World v1.27F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}\Setup.exe"
Civilization III v1.29f-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
Coliseum Demo Version 1.6-->C:\Program Files\ColiseumDemo\Uninstal.exe
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSL500U ADSL USB Modem-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEBED42E-0BF4-11D5-928C-0060677630C4}\Setup.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Fate?^hollow ataraxia Trial Edition.-->C:\Program Files\Fate?^hollow ataraxia Trial Edition\uninst.exe
Football Manager 2007-->C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
GameGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC6C9379-5BF4-43D4-8306-3ACE0C6B315E}\Setup.exe" -l0x9
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)-->C:\WINDOWS\SQL9_KB954606_ENU\Hotfix.exe /Uninstall
GDR 3073 for SQL Server Tools and Workstation Components 2005 ENU (KB954606)-->C:\WINDOWS\SQLTools9_KB954606_ENU\Hotfix.exe /Uninstall
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Geneforge 3-->C:\WINDOWS\iun504.exe C:\Program Files\Geneforge 3\irunin.ini
Geneforge 4-->MsiExec.exe /X{49DC0DD3-1370-41E4-B82C-552EB4985F89}
getPlus®-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kicks_Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F25FB5F-65B9-4CD8-9BCF-9C03EF866566}\Setup.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Majesty - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{212125C1-E5A3-4810-A057-C20FB2A79327}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
MapleStory-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9 -removeonly
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed? Most Wanted PC Demo-->C:\Program Files\EA GAMES\Need for Speed Most Wanted PC Demo\EAUninstall.exe
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Security Scan-->MsiExec.exe /I{3A0DAB34-2534-42EC-9532-FBCE649FD92B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Quake 4 Multiplayer Demo 1.4.2-->C:\Program Files\id Software\Quake 4 Multiplayer Demo\uninst.exe
Quake 4™ Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BAB004F0-F04C-49DD-8118-AE4A7697C469} /l2057
Raw-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E9FD9A7-A7A4-4843-810E-6EB1B61F373F}\Setup.exe" -l0x9
Risk II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}\SETUP.EXE" -l0x9
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Softnyx Launcher-->"C:\Program Files\Softnyx\Launcher\unins000.exe"
Soldier Front-->"C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Solid State ION Internet Explorer Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VirtuaGirl HD-->C:\Documents and Settings\tom\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
Virtual Villagers The Secret City-->"C:\Program Files\Virtual Villagers The Secret City\ReflexiveArcade\unins000.exe"
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
Warlords Battlecry III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93DA8968-092B-4E6F-B568-AB8471952143}\Setup.exe" -l0x9
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WolfTeam International-->"C:\Program Files\Softnyx\WolfTeam\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O2 - BHO: {fdea5c72-0aa3-325b-bdd4-9c5a6703cdf8} - {8fdc3076-a5c9-4ddb-b523-3aa027c5aedf} - C:\WINDOWS\system32\pukimp.dll
O4 - HKLM\..\Run: [d8856c3b] rundll32.exe "C:\WINDOWS\system32\vxeeuhld.dll",b
O2 - BHO: (no name) - {52091FCA-32C5-4480-AE69-9C4D92741994} - C:\WINDOWS\system32\vtUonljj.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe (User 'Default user')
O4 - Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7922929E-91CD-47AF-85CD-1739CADA8577}: NameServer = 85.255.112.143;85.255.112.94

======Security center information======

AV: Norton 360
FW: Norton 360

System event log

Computer Name: DDM5FM1S
Event Code: 7036
Message: The LiveUpdate service entered the running state.

Record Number: 19364
Source Name: Service Control Manager
Time Written: 20090106221329.000000+480
Event Type: information
User:

Computer Name: DDM5FM1S
Event Code: 7035
Message: The LiveUpdate service was successfully sent a start control.

Record Number: 19363
Source Name: Service Control Manager
Time Written: 20090106221329.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DDM5FM1S
Event Code: 10000
Message: Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The error:
"%2"
Happened while starting this command:
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

Record Number: 19362
Source Name: DCOM
Time Written: 20090106220906.000000+480
Event Type: error
User: DDM5FM1S\tom

Computer Name: DDM5FM1S
Event Code: 10000
Message: Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The error:
"%2"
Happened while starting this command:
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

Record Number: 19361
Source Name: DCOM
Time Written: 20090106220905.000000+480
Event Type: error
User: DDM5FM1S\tom

Computer Name: DDM5FM1S
Event Code: 10000
Message: Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The error:
"%2"
Happened while starting this command:
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

Record Number: 19360
Source Name: DCOM
Time Written: 20090106220903.000000+480
Event Type: error
User: DDM5FM1S\tom

Application event log

Computer Name: DDM5FM1S
Event Code: 0
Message:
Record Number: 15201
Source Name: LiveUpdate Notice Service
Time Written: 20090101232334.000000+480
Event Type: information
User:

Computer Name: DDM5FM1S
Event Code: 0
Message:
Record Number: 15200
Source Name: LiveUpdate Notice Service
Time Written: 20090101232334.000000+480
Event Type: information
User:

Computer Name: DDM5FM1S
Event Code: 34
Message: The 'LiveUpdate Notice Ex' service is starting.

Record Number: 15199
Source Name: ccSvcHst
Time Written: 20090101232334.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DDM5FM1S
Event Code: 35
Message: The 'ccEvtMgr' service has started.

Record Number: 15198
Source Name: ccSvcHst
Time Written: 20090101232334.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DDM5FM1S
Event Code: 34
Message: The 'ccEvtMgr' service is starting.

Record Number: 15197
Source Name: ccSvcHst
Time Written: 20090101232332.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"sourcesdk"=c:\program files\steam\steamapps\geraldmaoweijian\sourcesdk
"VProject"=c:\program files\steam\steamapps\geraldmaoweijian\counter-strike source\cstrike

-----------------EOF-----------------

Attached Files



#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 14 January 2009 - 10:16 AM

Lets do this first...

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 14 January 2009 - 08:12 PM

mbr.log

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 15 January 2009 - 03:39 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 15 January 2009 - 11:03 PM

Just to let you know, it did not ask me to install the recovery console.

Combofix log

ComboFix 09-01-13.04 - tom 2009-01-16 11:45:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1022.210 [GMT 8:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\api32.dll
c:\windows\system32\jjlnoUtv.ini
c:\windows\system32\jjlnoUtv.ini2
D:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 20:37 . 2009-01-14 20:37 250 --a------ c:\windows\gmer.ini
2009-01-14 20:32 . 2009-01-14 20:35 <DIR> d-------- C:\rsit
2009-01-13 11:23 . 2009-01-13 11:23 <DIR> d-------- c:\program files\Atari
2009-01-10 14:03 . 2009-01-10 14:03 230 --a------ c:\windows\system32\spupdsvc.inf
2009-01-09 14:19 . 2009-01-10 13:33 854 --a------ c:\windows\Active Setup Log.BAK
2009-01-05 19:06 . 2009-01-07 23:04 189,952 --ahs---- c:\documents and settings\ehthumbs.db
2009-01-05 19:05 . 2009-01-07 23:04 1,128,960 --ahs---- C:\ehthumbs.db
2009-01-04 07:54 . 2009-01-04 07:54 <DIR> d-------- c:\program files\WoC Launcher
2009-01-01 15:35 . 2009-01-04 20:45 <DIR> d-------- c:\program files\World of Warcraft
2009-01-01 10:37 . 2009-01-01 10:37 176,128 --a------ c:\windows\system32\el98840.dll
2009-01-01 08:59 . 2009-01-01 09:02 <DIR> d-------- c:\program files\NOMBZ Night of a Million Billion Zombies
2009-01-01 08:59 . 2009-01-01 08:59 89,777,067 --a------ c:\windows\system32\xa37913640.exe
2009-01-01 08:59 . 2009-01-01 08:59 89,777,067 --a------ c:\windows\system32\xa37911140.exe
2009-01-01 08:59 . 2009-01-01 08:59 176,128 --a------ c:\windows\system32\xwr36262.dll
2009-01-01 08:59 . 2009-01-01 08:59 176,128 --a------ c:\windows\system32\wr36262.dll
2008-12-31 14:52 . 2008-12-31 14:52 <DIR> d-------- c:\program files\Enlight
2008-12-25 22:43 . 2008-12-25 23:04 <DIR> d-------- c:\program files\dominions2demo
2008-12-25 19:52 . 2008-12-26 08:15 <DIR> d-------- c:\program files\Team17
2008-12-23 19:06 . 2008-12-23 19:06 <DIR> d-------- c:\program files\EcoleSoftware
2008-12-21 07:58 . 2008-12-31 07:42 <DIR> d-------- C:\Nexon
2008-12-20 00:40 . 2008-12-20 00:40 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2008-12-20 00:38 . 2008-12-20 00:38 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2008-12-19 08:19 . 2008-12-19 08:27 <DIR> d-------- c:\program files\Microsoft Small Business
2008-12-19 08:12 . 2008-12-19 08:12 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-19 08:08 . 2008-12-20 00:40 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 07:45 . 2008-12-19 08:15 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-19 07:41 . 2008-12-19 07:46 <DIR> d-------- c:\windows\SHELLNEW
2008-12-19 07:39 . 2008-12-19 07:39 <DIR> dr-h----- C:\MSOCache
2008-12-17 16:02 . 2008-12-17 16:03 50 --a------ c:\windows\MegaManager.INI
2008-12-17 15:55 . 2008-12-17 15:55 <DIR> d-------- c:\documents and settings\tom\Application Data\Megaupload
2008-12-17 15:54 . 2008-12-17 15:54 <DIR> d-------- c:\documents and settings\tom\Application Data\EmailNotifier
2008-12-17 15:54 . 2008-12-17 15:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Megaupload
2008-12-17 15:54 . 2008-12-17 15:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-17 08:37 . 2008-12-17 18:42 <DIR> d-------- c:\program files\id Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 03:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 00:22 --------- d-----w c:\documents and settings\tom\Application Data\BitTorrent
2009-01-14 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-13 03:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 05:25 --------- d-----w c:\program files\Garena
2009-01-08 15:01 --------- d-----w c:\documents and settings\tom\Application Data\Any Video Converter
2009-01-06 06:15 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 06:15 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 06:15 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 06:15 --------- d-----w c:\program files\Symantec
2009-01-05 06:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-01 09:07 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-01 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-01 01:04 --------- d-----w c:\program files\AGEIA Technologies
2008-12-30 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2008-12-27 10:47 --------- d-----w c:\program files\EA SPORTS
2008-12-27 07:45 --------- d-----w c:\program files\GameShadow
2008-12-24 07:53 --------- d-----w c:\program files\Veoh Networks
2008-12-19 01:45 --------- d-----w c:\documents and settings\tom\Application Data\GetRightToGo
2008-12-18 23:47 --------- d-----w c:\program files\Microsoft Works
2008-12-17 14:14 --------- d-----w c:\program files\Google
2008-12-17 03:27 --------- d-----w c:\program files\Dominions
2008-12-13 16:30 --------- d-----w c:\program files\RGB
2008-12-13 07:55 --------- d-----w c:\program files\Astonia35
2008-12-12 11:02 --------- d-----w c:\program files\Mobius
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:38 1,071,243,792 ----a-w C:\MSSetupv62N.exe
2008-12-10 23:21 --------- d-----w c:\program files\Pando Networks
2008-12-10 11:50 --------- d-----w c:\program files\dominions3demo
2008-11-30 12:19 --------- d--h--w c:\documents and settings\tom\Application Data\ijjigame
2008-11-28 04:45 --------- d-----w c:\program files\SEGA
2008-11-25 06:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-25 06:20 --------- d-----w c:\documents and settings\tom\Application Data\Malwarebytes
2008-11-25 06:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 06:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 13:41 --------- d-----w c:\documents and settings\tom\Application Data\DNA
2008-11-23 13:31 --------- d-----w c:\program files\DNA
2008-11-23 01:51 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-22 08:05 --------- d-----w c:\program files\Virtual Villagers The Secret City
2008-11-20 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-20 02:05 --------- d-----w c:\program files\Softnyx
2008-11-18 10:32 --------- d-----w c:\program files\Geneforge 3
2008-11-06 09:22 94,208 ----a-w c:\windows\ScUnin.exe
2008-09-28 04:04 24 ----a-w c:\documents and settings\tom\jagex_runescape_preferences.dat
2007-03-25 22:01 251 ----a-w c:\program files\wt3d.ini
2006-11-03 04:48 0 ----a-w c:\documents and settings\tom\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-17 3528440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-04-16 985440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 c:\windows\stsystra.exe]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-10-22 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"msacm.l3acm"= c:\program files\WIZET\MapleStory\l3codeca.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjq06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Documents and Settings\\tom\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"64143:TCP"= 64143:TCP:SolidNetworkManager
"64143:UDP"= 64143:UDP:SolidNetworkManager
"17695:TCP"= 17695:TCP:BitComet 17695 TCP
"17695:UDP"= 17695:UDP:BitComet 17695 UDP
"20357:TCP"= 20357:TCP:*:Disabled:SolidNetworkManager
"20357:UDP"= 20357:UDP:*:Disabled:SolidNetworkManager
"56675:TCP"= 56675:TCP:Pando Media Booster
"56675:UDP"= 56675:UDP:Pando Media Booster

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-12 13696]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-12 13568]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [2006-11-01 118327]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2005-08-16 55808]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2005-08-16 55808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-07-20 31592]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 Winjq06;Winjq06;\??\c:\windows\System32\drivers\Winjq06.sys --> c:\windows\System32\drivers\Winjq06.sys [?]
S3 Winmu63;Winmu63;\??\c:\windows\System32\drivers\Winmu63.sys --> c:\windows\System32\drivers\Winmu63.sys [?]
S3 XDva034;XDva034;\??\c:\windows\system32\XDva034.sys --> c:\windows\system32\XDva034.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva042;XDva042;\??\c:\windows\system32\XDva042.sys --> c:\windows\system32\XDva042.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva110;XDva110;\??\c:\windows\system32\XDva110.sys --> c:\windows\system32\XDva110.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva152;XDva152;\??\c:\windows\system32\XDva152.sys --> c:\windows\system32\XDva152.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\XDva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - McrdSvc
*Deregistered* - MSSQL$MSSMLBIZ
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-02-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-c:\windows\system32\kddyw.exe - c:\windows\system32\kddyw.exe
SafeBoot-Winai75.sys
SafeBoot-Winow53.sys
SafeBoot-Winpx86.sys
SafeBoot-Winvj70.sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
uInternet Settings,ProxyOverride = 192.168.1.254
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Monopoly\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Monopoly\Images\armhelper.ocx
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\bofscsss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 11:53:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-16 11:58:08 - machine was rebooted [tom]
ComboFix-quarantined-files.txt 2009-01-16 03:58:04

Pre-Run: 5,793,292,288 bytes free
Post-Run: 5,751,861,248 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
326 --- E O F --- 2009-01-14 10:56:37

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:46 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10123 bytes

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 16 January 2009 - 01:36 AM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • c:\windows\system32\el98840.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.


Repeat this step with below files

c:\windows\system32\xa37913640.exe
c:\windows\system32\xwr36262.dll



Post all three results in your next reply..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 18 January 2009 - 02:55 AM

Sorry for the late reply,

These are the scan for c:\windows\system32\el98840.dll

http://www.virscan.org/report/fe05bb523a81...7fdb618306.html

c:\windows\system32\xwr36262.dll

http://virscan.org/report/625818bd06c0cb66...d55a39667d.html

I have a problem, for c:\windows\system32\xa37913640.exe it is 85mb so it can't be uploaded on virscan.org and takes almost forever on virustotal.com. Do you want me to try and upload it on virustotal.com or do you have other ideas?

Edited by iwalkalone, 18 January 2009 - 02:56 AM.


#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 18 January 2009 - 03:42 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
Winjq06
Winmu63
Ndisprot

File::
c:\windows\system32\el98840.dll
c:\windows\system32\xa37913640.exe
c:\windows\system32\xa37911140.exe
c:\windows\system32\xwr36262.dll
c:\windows\system32\wr36262.dll
c:\windows\System32\drivers\Winjq06.sys
c:\windows\System32\drivers\Winmu63.sys
c:\windows\system32\drivers\ndisprot.sys

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell]
[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open]
[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play]
[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play\command]

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjq06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu63.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 19 January 2009 - 04:06 AM

Okay done it, heres the the Combofix log

ComboFix 09-01-18.03 - tom 2009-01-19 16:51:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1022.604 [GMT 8:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tom\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\ndisprot.sys
c:\windows\System32\drivers\Winjq06.sys
c:\windows\System32\drivers\Winmu63.sys
c:\windows\system32\el98840.dll
c:\windows\system32\wr36262.dll
c:\windows\system32\xa37911140.exe
c:\windows\system32\xa37913640.exe
c:\windows\system32\xwr36262.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisprot.sys
c:\windows\system32\el98840.dll
c:\windows\system32\wr36262.dll
c:\windows\system32\xa37911140.exe
c:\windows\system32\xa37913640.exe
c:\windows\system32\xwr36262.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT
-------\Service_Ndisprot
-------\Service_Winjq06
-------\Service_Winmu63


((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-19 09:25 . 2009-01-19 09:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-18 09:26 . 2009-01-18 09:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NexonUS
2009-01-17 09:51 . 2009-01-17 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\IJJIGame
2009-01-17 09:49 . 2008-12-18 15:09 208,384 --a------ c:\windows\system32\uc_rohan_launching.dll
2009-01-17 09:49 . 2008-12-12 16:27 87,472 --a------ c:\windows\system32\ijjiChannelingPlugin.dll
2009-01-14 20:37 . 2009-01-14 20:37 250 --a------ c:\windows\gmer.ini
2009-01-13 11:23 . 2009-01-13 11:23 <DIR> d-------- c:\program files\Atari
2009-01-10 14:03 . 2009-01-10 14:03 230 --a------ c:\windows\system32\spupdsvc.inf
2009-01-09 14:19 . 2009-01-10 13:33 854 --a------ c:\windows\Active Setup Log.BAK
2009-01-05 19:06 . 2009-01-07 23:04 189,952 --ahs---- c:\documents and settings\ehthumbs.db
2009-01-05 19:05 . 2009-01-07 23:04 1,128,960 --ahs---- C:\ehthumbs.db
2009-01-04 07:54 . 2009-01-04 07:54 <DIR> d-------- c:\program files\WoC Launcher
2009-01-01 15:35 . 2009-01-04 20:45 <DIR> d-------- c:\program files\World of Warcraft
2009-01-01 08:59 . 2009-01-01 09:02 <DIR> d-------- c:\program files\NOMBZ Night of a Million Billion Zombies
2008-12-31 14:52 . 2008-12-31 14:52 <DIR> d-------- c:\program files\Enlight
2008-12-25 22:43 . 2008-12-25 23:04 <DIR> d-------- c:\program files\dominions2demo
2008-12-25 19:52 . 2008-12-26 08:15 <DIR> d-------- c:\program files\Team17
2008-12-23 19:06 . 2008-12-23 19:06 <DIR> d-------- c:\program files\EcoleSoftware
2008-12-21 07:58 . 2009-01-18 09:26 <DIR> d-------- C:\Nexon
2008-12-20 00:40 . 2008-12-20 00:40 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2008-12-20 00:38 . 2008-12-20 00:38 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2008-12-19 08:19 . 2008-12-19 08:27 <DIR> d-------- c:\program files\Microsoft Small Business
2008-12-19 08:12 . 2008-12-19 08:12 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-19 08:08 . 2008-12-20 00:40 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 07:45 . 2008-12-19 08:15 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-19 07:41 . 2008-12-19 07:46 <DIR> d-------- c:\windows\SHELLNEW
2008-12-19 07:39 . 2008-12-19 07:39 <DIR> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 08:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 01:25 --------- d-----w c:\program files\Java
2009-01-18 13:25 --------- d-----w c:\documents and settings\tom\Application Data\BitTorrent
2009-01-18 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-01-14 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-13 03:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 05:25 --------- d-----w c:\program files\Garena
2009-01-08 15:01 --------- d-----w c:\documents and settings\tom\Application Data\Any Video Converter
2009-01-06 06:15 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 06:15 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 06:15 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 06:15 --------- d-----w c:\program files\Symantec
2009-01-05 06:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-01 09:07 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-01 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-01 01:04 --------- d-----w c:\program files\AGEIA Technologies
2008-12-27 10:47 --------- d-----w c:\program files\EA SPORTS
2008-12-27 07:45 --------- d-----w c:\program files\GameShadow
2008-12-24 07:53 --------- d-----w c:\program files\Veoh Networks
2008-12-19 01:45 --------- d-----w c:\documents and settings\tom\Application Data\GetRightToGo
2008-12-18 23:47 --------- d-----w c:\program files\Microsoft Works
2008-12-17 14:14 --------- d-----w c:\program files\Google
2008-12-17 10:42 --------- d-----w c:\program files\id Software
2008-12-17 07:55 --------- d-----w c:\documents and settings\tom\Application Data\Megaupload
2008-12-17 07:54 --------- d-----w c:\documents and settings\tom\Application Data\EmailNotifier
2008-12-17 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\Megaupload
2008-12-17 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-17 03:27 --------- d-----w c:\program files\Dominions
2008-12-13 16:30 --------- d-----w c:\program files\RGB
2008-12-13 07:55 --------- d-----w c:\program files\Astonia35
2008-12-12 11:02 --------- d-----w c:\program files\Mobius
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:38 1,071,243,792 ----a-w C:\MSSetupv62N.exe
2008-12-10 23:21 --------- d-----w c:\program files\Pando Networks
2008-12-10 11:50 --------- d-----w c:\program files\dominions3demo
2008-11-30 12:19 --------- d--h--w c:\documents and settings\tom\Application Data\ijjigame
2008-11-28 04:45 --------- d-----w c:\program files\SEGA
2008-11-25 06:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-25 06:20 --------- d-----w c:\documents and settings\tom\Application Data\Malwarebytes
2008-11-25 06:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 06:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 13:41 --------- d-----w c:\documents and settings\tom\Application Data\DNA
2008-11-23 13:31 --------- d-----w c:\program files\DNA
2008-11-22 08:05 --------- d-----w c:\program files\Virtual Villagers The Secret City
2008-11-20 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-20 02:05 --------- d-----w c:\program files\Softnyx
2008-11-06 09:22 94,208 ----a-w c:\windows\ScUnin.exe
2008-09-28 04:04 24 ----a-w c:\documents and settings\tom\jagex_runescape_preferences.dat
2007-03-25 22:01 251 ----a-w c:\program files\wt3d.ini
2006-11-03 04:48 0 ----a-w c:\documents and settings\tom\Application Data\wklnhst.dat
2008-12-18 07:09 208,384 ----a-w c:\program files\mozilla firefox\plugins\uc_rohan_launching.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-16_11.56.50.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 01:12:19 579,032 ----a-w c:\windows\Downloaded Program Files\PLauncher.exe
+ 2009-01-17 01:31:19 579,032 ----a-w c:\windows\Downloaded Program Files\PLauncher.exe
- 2007-09-24 14:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-01-19 01:25:05 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-24 14:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-19 01:25:05 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 15:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-19 01:25:05 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-19 08:58:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_290.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-17 3528440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-04-16 985440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 c:\windows\stsystra.exe]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-10-22 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"msacm.l3acm"= c:\program files\WIZET\MapleStory\l3codeca.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Documents and Settings\\tom\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"64143:TCP"= 64143:TCP:SolidNetworkManager
"64143:UDP"= 64143:UDP:SolidNetworkManager
"17695:TCP"= 17695:TCP:BitComet 17695 TCP
"17695:UDP"= 17695:UDP:BitComet 17695 UDP
"20357:TCP"= 20357:TCP:*:Disabled:SolidNetworkManager
"20357:UDP"= 20357:UDP:*:Disabled:SolidNetworkManager
"56675:TCP"= 56675:TCP:Pando Media Booster
"56675:UDP"= 56675:UDP:Pando Media Booster

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-12 13696]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-12 13568]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [2006-11-01 118327]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2005-08-16 55808]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2005-08-16 55808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-07-20 31592]
S3 XDva034;XDva034;\??\c:\windows\system32\XDva034.sys --> c:\windows\system32\XDva034.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva042;XDva042;\??\c:\windows\system32\XDva042.sys --> c:\windows\system32\XDva042.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva110;XDva110;\??\c:\windows\system32\XDva110.sys --> c:\windows\system32\XDva110.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva152;XDva152;\??\c:\windows\system32\XDva152.sys --> c:\windows\system32\XDva152.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\XDva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - LmHosts
*Deregistered* - McrdSvc
*Deregistered* - MSSQL$MSSMLBIZ
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder

2008-02-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
uInternet Settings,ProxyOverride = 192.168.1.254
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Monopoly\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Monopoly\Images\armhelper.ocx
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\bofscsss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 16:58:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"

[HKEY_LOCAL_MACHINE\software\Classes\・・m*p*3*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\hidec.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-01-19 17:03:12 - machine was rebooted [tom]
ComboFix-quarantined-files.txt 2009-01-19 09:01:54

Pre-Run: 3,134,320,640 bytes free
Post-Run: 2,940,977,152 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
340 --- E O F --- 2009-01-14 10:56:37

And the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:15 PM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10578 bytes

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 20 January 2009 - 07:11 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 20 January 2009 - 11:45 PM

Heres the log

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3782 (20090121)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=4996e92d6815b0499fefacd06e28d5e6
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-21 04:35:06
# local_time=2009-01-21 12:35:06 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=455552
# found=6
# scan_time=6799
C:\Program Files\Search Settings\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\el98840.dll.vir Win32/BHO.NLA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\wr36262.dll.vir Win32/BHO.NLC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\xwr36262.dll.vir Win32/BHO.NLC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\monhftd.dll Win32/BHO.NLC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\qnkfqvs.dll Win32/BHO.NLA trojan (unable to clean - deleted) 00000000000000000000000000000000

My computer seems okay though.

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 21 January 2009 - 05:46 AM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 iwalkalone

iwalkalone
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:01:16 AM

Posted 22 January 2009 - 09:58 PM

Well computer seems normal to me, i don't think that there is a problem with it already. Thanks for all your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users