Constant popups-possible Virtumonde infection



#1 FranDaMan


Posted 10 January 2009 - 05:16 AM

I am running this log on my wife's laptop. For the last couple of days she started to get popup ads when she opens her Hotmail account and sometimes when working in Firefox. I ran Ad-Aware and it told me we had a Virtumonde infection. I told it to remove it. Then I ran a scan with the Norton Virtumonde removal tool and with VundoFix. Both came up clean. She still has those annoying popups though. I also looked around the registry for signs of a Virtumonde infection but couldn't find anything there.

Hope someone can rid us of these popups.

--------------------------------------------------------------------------------------------------------
DDS (Ver_09-01-07.01) - NTFSx86
Run by Candace at 11:08:31.42 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.368 [GMT 1:00]

FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\adobeupd.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Candace\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.msnusers.com/20sPlayground/sigpickup.msnw?all_topics=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfGvurO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {136f4741-59c5-abb9-8734-14a1f2c0ea6a}: {a6ae0c2f-1a41-4378-9bba-5c951474f631} - c:\windows\system32\pyffll.dll
BHO: {ae5eb4e6-bd46-44d2-9dc3-56ed940ae0f2} - c:\windows\system32\ddcBQGWP.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools\daemon.exe" -autorun
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [<NO NAME>]
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [adobeupd] c:\windows\adobeupd.exe
mRun: [98d35f6d] rundll32.exe "c:\windows\system32\brdqpvgo.dll",b
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {A64CC4DB-D67E-40B5-A231-BA12D4C07364} = 62.179.104.196,212.142.28.69
Notify: igfxcui - igfxdev.dll
Notify: khfGvurO - khfGvurO.dll
AppInit_DLLs: pyffll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfGvurO.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcBQGWP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\candace\applic~1\mozilla\firefox\profiles\1ds2hv5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-23 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-9-18 394952]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\candace\locals~1\temp\cpuz_x32.sys --> c:\docume~1\candace\locals~1\temp\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-01-10 10:13 103,936 a------- c:\windows\system32\pyffll.dll
2009-01-10 10:13 103,936 a------- c:\windows\system32\tosvkwby.dll
2009-01-10 10:11 1,265,525 ---sh--- c:\windows\system32\ogvpqdrb.ini
2009-01-10 10:11 68,096 a------- c:\windows\system32\brdqpvgo.dll
2009-01-09 22:37 46,080 a------- c:\windows\system32\efcYsTlm.dll
2009-01-09 19:10 <DIR> --d----- C:\VundoFix Backups
2009-01-09 19:00 <DIR> --d----- c:\program files\Lavasoft
2009-01-09 08:37 103,424 a------- c:\windows\system32\puoadd.dll
2009-01-09 08:37 103,424 a------- c:\windows\system32\jcbevbtr.dll
2009-01-09 08:35 68,608 a------- c:\windows\system32\rhaaprsc.dll
2009-01-09 08:35 1,343,908 ---sh--- c:\windows\system32\csrpaahr.ini
2009-01-08 22:03 1,343,908 ---sh--- c:\windows\system32\qlolcsga.ini
2009-01-08 22:00 104,448 a------- c:\windows\system32\sazaam.dll
2009-01-08 22:00 104,448 a------- c:\windows\system32\nffvrmgj.dll
2009-01-07 22:01 1,343,908 ---sh--- c:\windows\system32\wctojomr.ini
2009-01-07 21:59 103,424 a------- c:\windows\system32\xwwfrp.dll
2009-01-07 21:59 103,424 a------- c:\windows\system32\mnpovwvv.dll
2009-01-07 21:26 37,888 a------- c:\windows\system32\rqRIawVM.dll
2009-01-06 07:50 232,608 a--sh--- c:\windows\system32\PWGQBcdd.ini2
2009-01-06 07:50 232,608 a--sh--- c:\windows\system32\PWGQBcdd.ini
2009-01-06 07:50 236,032 a------- c:\windows\system32\ddcBQGWP.dll
2009-01-06 07:45 72,192 a------- c:\windows\system32\ssqRKebC.dll
2009-01-06 07:45 36,864 a------- c:\windows\system32\khfGvurO.dll
2009-01-05 22:39 0 a------- c:\windows\TPTray.INI
2008-12-28 16:24 36 a------- c:\windows\adobeupdate.ini
2008-12-28 16:19 <DIR> --d----- c:\windows\DQ Tycoon
2008-12-28 16:19 <DIR> --d----- c:\program files\DQ Tycoon
2008-12-28 16:18 73,728 a------- c:\windows\adobeupd.exe
2008-12-28 16:18 67,761,937 a------- c:\windows\tmp392438

==================== Find3M ====================

2009-01-09 22:20 18,157,600 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-09 19:37 214,424 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-11-14 16:08 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 20:13 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2006-12-12 10:13 32,768 ac------ c:\docume~1\alluse~1\applic~1\EBLib.dll
2006-07-28 15:25 19,456 ac------ c:\docume~1\alluse~1\applic~1\LPCFilter.sys

============= FINISH: 11:10:25.10 ===============
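As an added example (not part of the original thread and not something the DDS tool does itself), the script below triages a DDS log the way a helper reads it by hand: it parses the "Pseudo HJT Report" persistence lines, extracts the module each entry loads, and cross-references it with the "Created Last 30" list. The input lines are excerpted from the log above; the `triage` function, its regexes and the vowel-ratio name heuristic are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# DDS "Pseudo HJT Report" prefixes that name a place Windows or IE loads a module from
PERSISTENCE_PREFIXES = ("BHO:", "TB:", "uRun:", "mRun:", "Notify:",
                        "AppInit_DLLs:", "SSODL:", "SEH:", "LSA:")
PATH_RE = re.compile(r'[a-z]:\\[^",]*', re.I)               # drive-letter path up to a quote/comma
BARE_DLL_RE = re.compile(r'\b([A-Za-z0-9_]+\.dll)\b', re.I)  # module given by file name only
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \S+ +(<DIR>|[\d,]+) \S+ +(.+?)\s*$')

# Constructed input: lines excerpted from the DDS log earlier in this thread
PSEUDO_HJT = r"""
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfGvurO.dll
BHO: {ae5eb4e6-bd46-44d2-9dc3-56ed940ae0f2} - c:\windows\system32\ddcBQGWP.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [adobeupd] c:\windows\adobeupd.exe
mRun: [98d35f6d] rundll32.exe "c:\windows\system32\brdqpvgo.dll",b
Notify: igfxcui - igfxdev.dll
Notify: khfGvurO - khfGvurO.dll
AppInit_DLLs: pyffll.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfGvurO.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcBQGWP
"""
CREATED_LAST_30 = r"""
2009-01-10 10:13 103,936 a------- c:\windows\system32\pyffll.dll
2009-01-10 10:11 68,096 a------- c:\windows\system32\brdqpvgo.dll
2009-01-09 19:00 <DIR> --d----- c:\program files\Lavasoft
2009-01-06 07:50 236,032 a------- c:\windows\system32\ddcBQGWP.dll
2009-01-06 07:45 72,192 a------- c:\windows\system32\ssqRKebC.dll
2009-01-06 07:45 36,864 a------- c:\windows\system32\khfGvurO.dll
2009-01-05 22:39 0 a------- c:\windows\TPTray.INI
2008-12-28 16:18 73,728 a------- c:\windows\adobeupd.exe
"""


@dataclass
class Finding:
    stem: str                 # lower-cased file name without extension
    path: str                 # where "Created Last 30" says the file lives
    created: str              # creation date from "Created Last 30"
    locations: list = field(default_factory=list)  # persistence entries loading it
    random_name: bool = False


def stem_of(path):
    """Lower-cased file name without extension; tolerates a trailing argument."""
    tokens = path.rsplit('\\', 1)[-1].split()
    return tokens[0].lower().split('.', 1)[0] if tokens else ''


def modules_in(line):
    """Stems of every module a persistence line references (full path or bare name)."""
    stems = {stem_of(p) for p in PATH_RE.findall(line)}
    stems |= {stem_of(n) for n in BARE_DLL_RE.findall(line)}
    stems.discard('')
    return stems


def parse_created(section):
    """Map file stem -> (date, size, lower-cased path) for each non-directory entry."""
    created = {}
    for line in section.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group(2) == '<DIR>':
            continue
        size = int(m.group(2).replace(',', ''))
        created[stem_of(m.group(3))] = (m.group(1), size, m.group(3).lower())
    return created


def looks_random(stem):
    """Heuristic (assumption): long names with almost no vowels are unlike vendor names."""
    if len(stem) < 6:
        return False
    return sum(c in 'aeiou' for c in stem) / len(stem) < 0.3


def triage(pseudo_hjt, created_section):
    """Flag modules that are both registered in a persistence location and newly created under c:\\windows."""
    created = parse_created(created_section)
    findings = {}
    for line in pseudo_hjt.splitlines():
        line = line.strip()
        if not line.startswith(PERSISTENCE_PREFIXES):
            continue
        location = line.split(':', 1)[0]
        for stem in modules_in(line):
            hit = created.get(stem)
            if not hit or not hit[2].startswith('c:\\windows\\'):
                continue
            f = findings.setdefault(stem, Finding(stem, hit[2], hit[0], random_name=looks_random(stem)))
            if location not in f.locations:
                f.locations.append(location)
    return findings


def report(findings):
    """One line per flagged module, oldest first."""
    rows = []
    for f in sorted(findings.values(), key=lambda x: x.created):
        note = " (name looks random)" if f.random_name else ""
        rows.append(f"{f.created}  {f.path}  registered via {', '.join(f.locations)}{note}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(triage(PSEUDO_HJT, CREATED_LAST_30)))
```

The five modules it flags are the ones MBAM later reports in this thread: ddcBQGWP, khfGvurO, pyffll and adobeupd as Trojan.Vundo/FakeAlert, and the 98d35f6d Run value that loads brdqpvgo.dll; ssqRKebC.dll is created but not registered anywhere in the DDS excerpt, so it is left for the file-based scan.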

#2 fenzodahl512


Posted 12 January 2009 - 02:54 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 FranDaMan


Posted 13 January 2009 - 02:03 PM

Thanks in advance for the help!

Here is the MBAM log:

===================================================
Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 3

1/13/2009 7:56:20 PM
mbam-log-2009-01-13 (19-56-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 125269
Time elapsed: 38 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 24
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcBQGWP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vvcbxfeo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfGvurO.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30fa8fd0-e077-41ad-9775-75f1e7e1e317} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30fa8fd0-e077-41ad-9775-75f1e7e1e317} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgvuro (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d16099e6-d2de-4be4-a2fa-1225f69c3b42} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d16099e6-d2de-4be4-a2fa-1225f69c3b42} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30fa8fd0-e077-41ad-9775-75f1e7e1e317} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d16099e6-d2de-4be4-a2fa-1225f69c3b42} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\98d35f6d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobeupd (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbqgwp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcbqgwp -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfGvurO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcBQGWP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PWGQBcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PWGQBcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhaaprsc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrpaahr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvcbxfeo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oefxbcvv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\adobeupd.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Documents and Settings\Candace\Local Settings\Temporary Internet Files\Content.IE5\1CHBV1L3\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Candace\Local Settings\Temporary Internet Files\Content.IE5\6SLNAM9A\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD6828D-C9F4-400A-82E5-94121B6701D0}\RP146\A0049961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD6828D-C9F4-400A-82E5-94121B6701D0}\RP147\A0049976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD6828D-C9F4-400A-82E5-94121B6701D0}\RP150\A0053152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD6828D-C9F4-400A-82E5-94121B6701D0}\RP150\A0054152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD6828D-C9F4-400A-82E5-94121B6701D0}\RP151\A0054169.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcbevbtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puoadd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pyffll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sazaam.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoqpywjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsdoiuar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnpovwvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nffvrmgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRKebC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tosvkwby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tylvyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kydaob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leqyhkxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwfrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIawVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYsTlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 fenzodahl512


Posted 13 January 2009 - 02:30 PM

Waiting for other logs :thumbsup:



#5 FranDaMan


Posted 13 January 2009 - 02:56 PM

Log.txt from RSIT
=================
Logfile of random's system information tool 1.05 (written by random/random)
Run by Candace at 2009-01-13 20:04:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (67%) free of 57 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:45 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Candace\Desktop\RSIT.exe
C:\Program Files\trend micro\Candace.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msnusers.com/20sPlayground/sigpi...nw?all_topics=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A64CC4DB-D67E-40B5-A231-BA12D4C07364}: NameServer = 62.179.104.196,212.142.28.69
O20 - AppInit_DLLs: hyhlsw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\uewpwwkc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2007-06-30 28672]
"NDSTray.exe"=NDSTray.exe []
"CFSServ.exe"=CFSServ.exe -NoClient []
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2006-04-12 638976]
""= []
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2007-06-01 53248]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-25 888832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-25 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-07-25 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-07-25 118784]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-08-30 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="hyhlsw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-25 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-01-13 20:04:35 ----D---- C:\Program Files\trend micro
2009-01-13 20:04:34 ----D---- C:\rsit
2009-01-13 18:57:36 ----D---- C:\Documents and Settings\Candace\Application Data\Malwarebytes
2009-01-13 18:57:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-13 18:57:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-12 16:50:55 ----ASH---- C:\WINDOWS\system32\ofqeukmd.ini
2009-01-11 21:51:55 ----A---- C:\WINDOWS\unvise32.exe
2009-01-11 21:50:23 ----D---- C:\Program Files\Zone.com Deluxe Games
2009-01-11 16:50:12 ----ASH---- C:\WINDOWS\system32\kvylmuks.ini
2009-01-11 10:47:06 ----D---- C:\Program Files\Tracker Software
2009-01-10 10:11:59 ----ASH---- C:\WINDOWS\system32\ogvpqdrb.ini
2009-01-09 22:36:52 ----D---- C:\WINDOWS\CSC
2009-01-09 22:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 19:10:11 ----D---- C:\VundoFix Backups
2009-01-09 19:10:11 ----A---- C:\VundoFix.txt
2009-01-09 19:00:45 ----D---- C:\Program Files\Lavasoft
2009-01-09 19:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-08 22:03:29 ----ASH---- C:\WINDOWS\system32\qlolcsga.ini
2009-01-07 22:01:29 ----ASH---- C:\WINDOWS\system32\wctojomr.ini
2009-01-06 07:50:55 ----A---- C:\WINDOWS\system32\93f09b13-.txt
2009-01-05 22:39:11 ----A---- C:\WINDOWS\TPTray.INI
2008-12-28 16:24:53 ----A---- C:\WINDOWS\adobeupdate.ini
2008-12-28 16:19:24 ----D---- C:\WINDOWS\DQ Tycoon
2008-12-28 16:19:24 ----D---- C:\Program Files\DQ Tycoon
2008-12-17 11:21:36 ----D---- C:\Documents and Settings\Candace\Application Data\ImgBurn
2008-12-17 10:41:36 ----D---- C:\Program Files\ImgBurn
2008-11-14 16:26:28 ----D---- C:\WINDOWS\Prefetch
2008-11-14 16:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-14 16:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-14 16:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-14 16:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-14 16:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-14 16:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-14 16:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-14 16:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-14 16:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-14 16:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-14 16:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-14 16:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-14 16:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-14 16:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-14 16:03:49 ----D---- C:\WINDOWS\system32\scripting
2008-11-14 16:03:48 ----D---- C:\WINDOWS\l2schemas
2008-11-14 16:03:47 ----D---- C:\WINDOWS\system32\en
2008-11-14 16:03:46 ----D---- C:\WINDOWS\system32\bits
2008-11-14 15:59:49 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-14 15:56:16 ----D---- C:\WINDOWS\network diagnostic
2008-11-14 15:49:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-13 17:42:48 ----D---- C:\Program Files\Adobe
2008-11-02 17:05:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-31 22:48:56 ----D---- C:\Program Files\iPod
2008-10-31 22:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 14:47:11 ----D---- C:\Documents and Settings\Candace\Application Data\Media Player Classic
2008-10-26 14:42:37 ----D---- C:\Program Files\AC3Filter
2008-10-26 14:39:43 ----D---- C:\Program Files\GNU
2008-10-26 14:33:15 ----D---- C:\Documents and Settings\Candace\Application Data\dvdcss
2008-10-26 14:33:06 ----D---- C:\Documents and Settings\Candace\Application Data\vlc
2008-10-26 14:32:06 ----D---- C:\Program Files\VideoLAN
2008-10-24 23:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-24 20:13:12 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\SolarWinds2002.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\SolarWinds2001.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\oc30.dll
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\MFCANS32.dll
2008-10-21 20:41:17 ----D---- C:\Program Files\SolarWinds
2008-10-21 20:15:37 ----D---- C:\Program Files\DipiSoft
2008-10-21 20:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-21 13:28:04 ----D---- C:\Program Files\CCleaner
2008-10-16 10:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 10:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 10:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 10:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

======List of files/folders modified in the last 3 months======

2009-01-13 20:04:35 ----RD---- C:\Program Files
2009-01-13 20:00:54 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 19:59:11 ----D---- C:\WINDOWS\Temp
2009-01-13 19:58:30 ----D---- C:\WINDOWS\system32
2009-01-13 19:58:30 ----D---- C:\WINDOWS
2009-01-13 19:58:29 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 19:57:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 18:57:56 ----D---- C:\WINDOWS\Internet Logs
2009-01-12 13:30:11 ----D---- C:\Program Files\123Pet
2009-01-09 22:37:09 ----D---- C:\Documents and Settings
2009-01-09 19:37:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-09 19:01:22 ----SHD---- C:\WINDOWS\Installer
2009-01-09 19:00:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-09 18:57:36 ----D---- C:\Documents and Settings\Candace\Application Data\Apple Computer
2009-01-09 18:52:25 ----D---- C:\WINDOWS\Minidump
2009-01-06 11:19:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-06 07:45:25 ----SD---- C:\WINDOWS\Tasks
2008-12-05 19:53:37 ----D---- C:\WINDOWS\Debug
2008-11-30 09:56:45 ----HD---- C:\WINDOWS\inf
2008-11-21 07:55:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-20 07:53:18 ----D---- C:\WINDOWS\Help
2008-11-14 16:28:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 16:25:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 16:25:50 ----D---- C:\WINDOWS\AppPatch
2008-11-14 16:25:48 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 16:25:47 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 16:24:49 ----D---- C:\WINDOWS\security
2008-11-14 16:13:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 16:10:56 ----D---- C:\Program Files\Messenger
2008-11-14 16:05:14 ----D---- C:\WINDOWS\WinSxS
2008-11-14 16:04:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-14 16:04:22 ----D---- C:\WINDOWS\ime
2008-11-14 16:03:51 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 16:03:51 ----D---- C:\WINDOWS\system32\en-US
2008-11-14 16:03:46 ----D---- C:\WINDOWS\PeerNet
2008-11-14 16:03:46 ----D---- C:\Program Files\Movie Maker
2008-11-14 15:59:32 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 15:59:32 ----D---- C:\WINDOWS\system32\npp
2008-11-14 15:59:32 ----D---- C:\WINDOWS\mui
2008-11-14 15:59:30 ----D---- C:\WINDOWS\msagent
2008-11-14 15:59:29 ----D---- C:\WINDOWS\srchasst
2008-11-14 15:59:28 ----D---- C:\Program Files\NetMeeting
2008-11-14 15:59:26 ----D---- C:\WINDOWS\system32\Com
2008-11-14 15:59:23 ----D---- C:\Program Files\Windows Media Player
2008-11-14 15:59:22 ----D---- C:\Program Files\Windows NT
2008-11-14 15:59:22 ----D---- C:\Program Files\Outlook Express
2008-11-14 15:59:18 ----D---- C:\Program Files\Common Files\System
2008-11-14 15:58:54 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 15:58:51 ----D---- C:\WINDOWS\system
2008-11-14 15:53:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-14 15:49:33 ----D---- C:\WINDOWS\ehome
2008-11-13 17:43:14 ----D---- C:\Program Files\Common Files\Adobe
2008-11-13 17:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-31 22:49:17 ----D---- C:\Program Files\iTunes
2008-10-31 22:46:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-24 23:13:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 13:28:19 ----D---- C:\Program Files\Yahoo!
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 11:11:15 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 10:45:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 10:44:34 ----D---- C:\Program Files\Internet Explorer
2008-10-16 10:44:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 17:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 TPwSav;TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2007-07-25 12032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-04-05 546112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-07-25 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-07 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-25 209312]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-07-25 290304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 agl8cce9;agl8cce9; C:\WINDOWS\system32\drivers\agl8cce9.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\Candace\LOCALS~1\Temp\cpuz_x32.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-25 90880]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;Trust WB-3400T Webcam; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2004-11-07 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2004-11-07 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2004-11-07 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-07-25 40960]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#6 FranDaMan (Topic Starter)

Posted 13 January 2009 - 02:58 PM

info.txt from RSIT
===================
info.txt logfile of random's system information tool 1.05 2009-01-13 20:54:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123Pet-->MsiExec.exe /X{9E440F62-D46E-4AD1-8DA0-24F97051F76F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /paAckage {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Albumprinter Pro Editor-->"C:\Program Files\Albumprinter Pro Editor\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Diner Dash Flo on the Go (remove only)-->C:\Program Files\Diner Dash Flo on the Go\Uninstall.exe
DQ Tycoon-->"C:\WINDOWS\DQ Tycoon\uninstall.exe" "/U:C:\Program Files\DQ Tycoon\Uninstall\uninstall.xml"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Eye Candy 4000-->D:\psp7\Plugins\EYECAN~1\UNWISE.EXE D:\psp7\Plugins\EYECAN~1\INSTALL.LOG
Flash Slideshow Maker Pro 4.80-->C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
Geluiddemper v. cd/dvd-station-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x13
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kruidvat fotoservice-->"C:\Program Files\Fotoservice\Kruidvat fotoservice\uninstall.exe"
Lemonade Tycoon Deluxe-->C:\WINDOWS\unvise32.exe C:\Program Files\Zone.com Deluxe Games\Lemonade Tycoon Deluxe\uninstal.log
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint Shop Pro 7 Evaluation-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
Qloud Plug-in for iTunes-->C:\Program Files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe /uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung\SSCDUninstall.exe
Samsung Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SIW version 2008-09-03-->"C:\Program Files\SIW\unins000.exe"
SolarWinds Wake On LAN-->C:\PROGRA~1\SOLARW~1\FREETO~1\Installs\UNWISE.EXE C:\PROGRA~1\SOLARW~1\FREETO~1\Installs\Wake-On-LAN.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
The Sims™ Castaway Stories-->C:\Program Files\Electronic Arts\The Sims Castaway Stories\EAUninstall.exe
The Sims™ Life Stories-->D:\The Sims Life Stories\EAUninstall.exe
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x13 UNINSTALL
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
Trust WB-3400T Webcam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World Series of Poker: TOC-->D:\WorldSeriesPoker\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

FW: ZoneAlarm Firewall

System event log

Computer Name: TRIMSALON
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 37149
Source Name: Service Control Manager
Time Written: 20081209074513.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TRIMSALON
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{A64CC4DB-D67E-40B5-A231-BA12D4C07364} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 37148
Source Name: Tcpip
Time Written: 20081209074512.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 37147
Source Name: Service Control Manager
Time Written: 20081209074509.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 37146
Source Name: Service Control Manager
Time Written: 20081209074509.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 37145
Source Name: Service Control Manager
Time Written: 20081209074509.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: TRIMSALON
Event Code: 101
Message: MsnMsgr (2572) The database engine stopped.

Record Number: 22458
Source Name: ESENT
Time Written: 20081207185019.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 103
Message: MsnMsgr (2572) \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\dfsr.db: The database engine stopped the instance (0).

Record Number: 22457
Source Name: ESENT
Time Written: 20081207185019.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 302
Message: MsnMsgr (2572) \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\dfsr.db: The database engine has successfully completed recovery steps.

Record Number: 22456
Source Name: ESENT
Time Written: 20081207180255.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 301
Message: MsnMsgr (2572) \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\fsr.log.

Record Number: 22455
Source Name: ESENT
Time Written: 20081207180254.000000+060
Event Type: information
User:

Computer Name: TRIMSALON
Event Code: 301
Message: MsnMsgr (2572) \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Candace\Local Settings\Application Data\Microsoft\Messenger\dolphins_cry_@hotmail.com\SharingMetadata\Working\database_3498_D3A1_98D3_5FC2\fsr00AE9.log.

Record Number: 22454
Source Name: ESENT
Time Written: 20081207180253.000000+060
Event Type: information
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\iTunes\Plug-Ins\Qloud\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e0c
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"windir"=%SystemRoot%

-----------------EOF-----------------

#7 FranDaMan

  • Topic Starter

  • Members
  • 28 posts

Posted 13 January 2009 - 03:17 PM

here is the GMER log file

Attached Files



#8 fenzodahl512


  • Members
  • 6,738 posts

Posted 13 January 2009 - 09:40 PM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)
4. Coupon Printer for Windows




Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\tasks\uewpwwkc.job
    C:\WINDOWS\system32\ofqeukmd.ini
    C:\WINDOWS\system32\kvylmuks.ini
    C:\WINDOWS\system32\ogvpqdrb.ini
    C:\WINDOWS\system32\qlolcsga.ini
    C:\WINDOWS\system32\wctojomr.ini
    C:\WINDOWS\system32\93f09b13-.txt
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
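A check a helper might run on the OTMoveIt3 log the poster is asked to return, added here as an example and not part of this thread or of OldTimer's tool: it parses the move script above and the log the tool writes, reports any listed file or registry value the log does not confirm, and lists deletions deferred to reboot (the case the note above warns about). It assumes only the script and log formats visible in this thread; the sample script and log are constructed from posts #8 and #9, cut down, with one file deliberately left out of the log.

```python
"""Reconcile an OTMoveIt3 move script against the log it produced.

Added example (not from this thread and not part of OldTimer's OTMoveIt3).
It assumes only the formats visible in the thread: ':files' and ':reg'
sections in the script; 'moved successfully.', 'value set successfully!'
and 'scheduled to be deleted on reboot.' lines in the log.
"""
import re

# Constructed from the script in post #8, cut down to three files.
SCRIPT = r"""
:processes
explorer.exe

:files
C:\WINDOWS\tasks\uewpwwkc.job
C:\WINDOWS\system32\ofqeukmd.ini
C:\WINDOWS\system32\93f09b13-.txt

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

:commands
[emptytemp]
[reboot]
"""

# Constructed from the log in post #9; one file is deliberately left out
# so the reconciliation has something to flag.
LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\tasks\uewpwwkc.job moved successfully.
C:\WINDOWS\system32\ofqeukmd.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\~DF99B1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
"""

MOVED = re.compile(r"^(.+) moved successfully\.$")
REG_SET = re.compile(r'^(.+?)\\\\"([^"]+)"\|.*value set successfully!$')
DEFERRED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")


def parse_script(text):
    """Return the files and (key, value name) pairs the script asks OTMoveIt3 to act on."""
    files, reg, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as ':files'
            section = line[1:].lower()
        elif section == "files":
            files.append(line)
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]          # registry key in .reg-style brackets
            elif "=" in line and key is not None:
                name = line.split("=", 1)[0].strip().strip('"')
                reg.append((key, name))
    return {"files": files, "reg": reg}


def parse_log(text):
    """Collect what the log confirms: moved files, set values, deletions deferred to reboot."""
    moved, reg_set, deferred = set(), set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOVED.match(line):
            moved.add(m.group(1).lower())       # Windows paths: compare case-insensitively
        elif m := REG_SET.match(line):
            reg_set.add((m.group(1).lower(), m.group(2).lower()))
        elif m := DEFERRED.match(line):
            deferred.append(m.group(1))
    return {"moved": moved, "reg_set": reg_set, "deferred": deferred}


def reconcile(script_text, log_text):
    """Report script entries the log does not confirm, plus deletions waiting on a reboot."""
    s, l = parse_script(script_text), parse_log(log_text)
    return {
        "files_not_moved": [f for f in s["files"] if f.lower() not in l["moved"]],
        "reg_not_set": [(k, n) for k, n in s["reg"]
                        if (k.lower(), n.lower()) not in l["reg_set"]],
        "deferred_to_reboot": l["deferred"],
    }


if __name__ == "__main__":
    for field, items in reconcile(SCRIPT, LOG).items():
        print(f"{field}: {items}")
```

Anything in files_not_moved is what a helper would ask the poster to re-run or check by hand; deferred temp files are normal and only need the reboot.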


#9 FranDaMan

  • Topic Starter

  • Members
  • 28 posts

Posted 14 January 2009 - 01:41 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\tasks\uewpwwkc.job moved successfully.
C:\WINDOWS\system32\ofqeukmd.ini moved successfully.
C:\WINDOWS\system32\kvylmuks.ini moved successfully.
C:\WINDOWS\system32\ogvpqdrb.ini moved successfully.
C:\WINDOWS\system32\qlolcsga.ini moved successfully.
C:\WINDOWS\system32\wctojomr.ini moved successfully.
C:\WINDOWS\system32\93f09b13-.txt moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\hsperfdata_Candace\2528 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\etilqs_snuIayqgh87JmVAjH5a7 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\Perflib_Perfdata_81c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\Perflib_Perfdata_bb8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\~DF99B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\~DF99D9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\~DFD7F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Candace\LOCALS~1\Temp\~DFD85F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_abc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05c6f.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05c73.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Candace\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ds2hv5k.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Candace\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ds2hv5k.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Candace\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ds2hv5k.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Candace\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ds2hv5k.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Candace\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ds2hv5k.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_193954

#10 FranDaMan

  • Topic Starter

  • Members
  • 28 posts

Posted 14 January 2009 - 01:43 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Candace at 2009-01-14 19:42:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (67%) free of 57 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:29 PM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Candace\Desktop\RSIT.exe
C:\Program Files\trend micro\Candace.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msnusers.com/20sPlayground/sigpi...nw?all_topics=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Candace\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A64CC4DB-D67E-40B5-A231-BA12D4C07364}: NameServer = 62.179.104.196,212.142.28.69
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7586 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2007-06-30 28672]
"NDSTray.exe"=NDSTray.exe []
"CFSServ.exe"=CFSServ.exe -NoClient []
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2006-04-12 638976]
""= []
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2007-06-01 53248]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-25 888832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-14 136600]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-25 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-07-25 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-07-25 118784]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-08-30 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Documents and Settings\Candace\Desktop\OTMoveIt3.exe [2009-01-14 348160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-25 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-01-14 19:39:54 ----D---- C:\_OTMoveIt
2009-01-14 19:37:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-14 19:37:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-14 19:37:54 ----A---- C:\WINDOWS\system32\java.exe
2009-01-14 19:37:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-13 20:59:15 ----A---- C:\WINDOWS\gmer.ini
2009-01-13 20:59:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-13 20:59:13 ----A---- C:\WINDOWS\gmer.exe
2009-01-13 20:59:13 ----A---- C:\WINDOWS\gmer.dll
2009-01-13 20:04:35 ----D---- C:\Program Files\trend micro
2009-01-13 20:04:34 ----D---- C:\rsit
2009-01-13 18:57:36 ----D---- C:\Documents and Settings\Candace\Application Data\Malwarebytes
2009-01-13 18:57:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-13 18:57:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-11 21:51:55 ----A---- C:\WINDOWS\unvise32.exe
2009-01-11 21:50:23 ----D---- C:\Program Files\Zone.com Deluxe Games
2009-01-11 10:47:06 ----D---- C:\Program Files\Tracker Software
2009-01-09 22:36:52 ----D---- C:\WINDOWS\CSC
2009-01-09 22:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 19:10:11 ----D---- C:\VundoFix Backups
2009-01-09 19:10:11 ----A---- C:\VundoFix.txt
2009-01-09 19:00:45 ----D---- C:\Program Files\Lavasoft
2009-01-09 19:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-05 22:39:11 ----A---- C:\WINDOWS\TPTray.INI
2008-12-28 16:24:53 ----A---- C:\WINDOWS\adobeupdate.ini
2008-12-28 16:19:24 ----D---- C:\WINDOWS\DQ Tycoon
2008-12-28 16:19:24 ----D---- C:\Program Files\DQ Tycoon
2008-12-17 11:21:36 ----D---- C:\Documents and Settings\Candace\Application Data\ImgBurn
2008-12-17 10:41:36 ----D---- C:\Program Files\ImgBurn
2008-11-14 16:26:28 ----D---- C:\WINDOWS\Prefetch
2008-11-14 16:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-14 16:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-14 16:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-14 16:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-14 16:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-14 16:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-14 16:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-14 16:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-14 16:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-14 16:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-14 16:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-14 16:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-14 16:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-14 16:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-14 16:03:49 ----D---- C:\WINDOWS\system32\scripting
2008-11-14 16:03:48 ----D---- C:\WINDOWS\l2schemas
2008-11-14 16:03:47 ----D---- C:\WINDOWS\system32\en
2008-11-14 16:03:46 ----D---- C:\WINDOWS\system32\bits
2008-11-14 15:59:49 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-14 15:56:16 ----D---- C:\WINDOWS\network diagnostic
2008-11-14 15:49:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-13 17:42:48 ----D---- C:\Program Files\Adobe
2008-11-02 17:05:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-31 22:48:56 ----D---- C:\Program Files\iPod
2008-10-31 22:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 14:47:11 ----D---- C:\Documents and Settings\Candace\Application Data\Media Player Classic
2008-10-26 14:42:37 ----D---- C:\Program Files\AC3Filter
2008-10-26 14:39:43 ----D---- C:\Program Files\GNU
2008-10-26 14:33:15 ----D---- C:\Documents and Settings\Candace\Application Data\dvdcss
2008-10-26 14:33:06 ----D---- C:\Documents and Settings\Candace\Application Data\vlc
2008-10-26 14:32:06 ----D---- C:\Program Files\VideoLAN
2008-10-24 23:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-24 20:13:12 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\SolarWinds2002.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\SolarWinds2001.exe
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\oc30.dll
2008-10-21 20:41:18 ----A---- C:\WINDOWS\system32\MFCANS32.dll
2008-10-21 20:41:17 ----D---- C:\Program Files\SolarWinds
2008-10-21 20:15:37 ----D---- C:\Program Files\DipiSoft
2008-10-21 20:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-21 13:28:04 ----D---- C:\Program Files\CCleaner
2008-10-16 10:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 10:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 10:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 10:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

======List of files/folders modified in the last 3 months======

2009-01-14 19:40:33 ----D---- C:\WINDOWS\Temp
2009-01-14 19:39:54 ----SD---- C:\WINDOWS\Tasks
2009-01-14 19:39:54 ----D---- C:\WINDOWS\system32
2009-01-14 19:38:10 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 19:38:08 ----SHD---- C:\WINDOWS\Installer
2009-01-14 19:37:31 ----D---- C:\Program Files\Java
2009-01-14 19:36:55 ----D---- C:\WINDOWS\Internet Logs
2009-01-14 19:35:12 ----D---- C:\WINDOWS
2009-01-14 19:35:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-14 19:35:07 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 11:43:56 ----D---- C:\Program Files\123Pet
2009-01-13 22:46:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 20:04:35 ----RD---- C:\Program Files
2009-01-09 22:37:09 ----D---- C:\Documents and Settings
2009-01-09 19:37:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-09 18:57:36 ----D---- C:\Documents and Settings\Candace\Application Data\Apple Computer
2009-01-09 18:52:25 ----D---- C:\WINDOWS\Minidump
2009-01-06 11:19:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-05 19:53:37 ----D---- C:\WINDOWS\Debug
2008-11-30 09:56:45 ----HD---- C:\WINDOWS\inf
2008-11-21 07:55:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-20 07:53:18 ----D---- C:\WINDOWS\Help
2008-11-14 16:28:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 16:25:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 16:25:50 ----D---- C:\WINDOWS\AppPatch
2008-11-14 16:25:48 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 16:25:47 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 16:24:49 ----D---- C:\WINDOWS\security
2008-11-14 16:13:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 16:10:56 ----D---- C:\Program Files\Messenger
2008-11-14 16:05:14 ----D---- C:\WINDOWS\WinSxS
2008-11-14 16:04:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-14 16:04:22 ----D---- C:\WINDOWS\ime
2008-11-14 16:03:51 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 16:03:51 ----D---- C:\WINDOWS\system32\en-US
2008-11-14 16:03:46 ----D---- C:\WINDOWS\PeerNet
2008-11-14 16:03:46 ----D---- C:\Program Files\Movie Maker
2008-11-14 15:59:32 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 15:59:32 ----D---- C:\WINDOWS\system32\npp
2008-11-14 15:59:32 ----D---- C:\WINDOWS\mui
2008-11-14 15:59:30 ----D---- C:\WINDOWS\msagent
2008-11-14 15:59:29 ----D---- C:\WINDOWS\srchasst
2008-11-14 15:59:28 ----D---- C:\Program Files\NetMeeting
2008-11-14 15:59:26 ----D---- C:\WINDOWS\system32\Com
2008-11-14 15:59:23 ----D---- C:\Program Files\Windows Media Player
2008-11-14 15:59:22 ----D---- C:\Program Files\Windows NT
2008-11-14 15:59:22 ----D---- C:\Program Files\Outlook Express
2008-11-14 15:59:18 ----D---- C:\Program Files\Common Files\System
2008-11-14 15:58:54 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 15:58:51 ----D---- C:\WINDOWS\system
2008-11-14 15:53:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-14 15:49:33 ----D---- C:\WINDOWS\ehome
2008-11-13 17:43:14 ----D---- C:\Program Files\Common Files\Adobe
2008-11-13 17:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-31 22:49:17 ----D---- C:\Program Files\iTunes
2008-10-31 22:46:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-24 23:13:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 13:28:19 ----D---- C:\Program Files\Yahoo!
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 11:11:15 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 10:45:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 10:44:34 ----D---- C:\Program Files\Internet Explorer
2008-10-16 10:44:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 17:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 TPwSav;TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2007-07-25 12032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-04-05 546112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-07-25 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-07 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-25 209312]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-07-25 290304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aw42dt0j;aw42dt0j; C:\WINDOWS\system32\drivers\aw42dt0j.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\Candace\LOCALS~1\Temp\cpuz_x32.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-13 85969]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-25 90880]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;Trust WB-3400T Webcam; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2004-11-07 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2004-11-07 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2004-11-07 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-07-25 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-14 152984]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#11 fenzodahl512

Posted 15 January 2009 - 02:02 AM

Looks good from here.. Let's do an online scan to make sure we get them all :thumbsup:


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How is the computer now? :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 FranDaMan (Topic Starter)

Posted 15 January 2009 - 01:14 PM

So far so good, no more popups.

But the ESET scan did turn something up again :thumbsup:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3769 (20090115)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=558307c256b4cd41b7d6eb0ed2b47b83
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-15 06:02:45
# local_time=2009-01-15 07:02:45 (+0100, W. Europe Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=215942
# found=1
# scan_time=3370
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MXQ58XSN\apstpldr.dll[1].htm Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

#13 fenzodahl512

Posted 16 January 2009 - 12:22 AM

Don't worry.. It's just a Temporary Internet File.. Looks good to me.. Let's do some cleanup...


Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asks you to log off Windows, click on Yes
  • Let Windows reboot (or do it manually) and continue with the next step


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512



#14 FranDaMan (Topic Starter)

Posted 16 January 2009 - 11:42 AM

Well, as mentioned before, the popups are gone and the computer starts up faster again.
Thank you so very much for all your help.

From the Netherlands, a kind and warm thank you!!

#15 fenzodahl512

Posted 16 January 2009 - 12:06 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
