No idea what infection is


  • This topic is locked
9 replies to this topic

#1 COW8OY

COW8OY

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 10 January 2009 - 06:36 PM

Ran Combo on this a while back, made things better for a bit, then got even worse. I could not even pull up msconfig under 'run'. Ran combo again, better so far but want to make sure we are good. Msconfig is back also. Teenagers on this machine occasionally so no telling what the problem is. Here are logs. TY

DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 15:23:04.82 on Sat 01/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.168 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.helloworld.com/
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\winnt\system32\zebekeli.dll

============= SERVICES / DRIVERS ===============

R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\winnt\system32\drivers\cxavsaud.sys [2003-10-11 8320]
R3 HidFP;HID Front Panel Driver Service;c:\winnt\system32\drivers\HidFP.sys [2006-1-23 4128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\winnt\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-9-13 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-9-13 648456]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar;c:\winnt\system32\drivers\cx88xbar.sys [2003-10-11 6912]
R4 tmevtmgr;tmevtmgr;c:\winnt\system32\drivers\tmevtmgr.sys [2008-9-13 52240]
R4 tmpreflt;tmpreflt;c:\winnt\system32\drivers\tmpreflt.sys [2007-12-16 36368]

=============== Created Last 30 ================

2009-01-10 14:27 161,792 a------- c:\winnt\SWREG.exe
2009-01-10 14:27 98,816 a------- c:\winnt\sed.exe
2009-01-10 09:49 206 a------- c:\winnt\HPGdiPlus.ini
2009-01-10 09:47 <DIR> --d----- c:\program files\HP
2008-12-22 19:36 73,728 a------- c:\winnt\system32\javacpl.cpl
2008-12-22 19:36 410,984 a------- c:\winnt\system32\deploytk.dll
2008-12-22 19:17 <DIR> a-dshr-- C:\cmdcons
2008-12-20 14:40 <DIR> --d----- c:\program files\Lavasoft
2008-12-20 14:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-20 14:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-12-20 13:48 <DIR> --d----- c:\program files\PCPitstop
2008-12-19 06:01 3,060,224 a------- c:\winnt\system32\SET7F.tmp

==================== Find3M ====================

2009-01-10 09:30 24,494 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2009-01-10 09:27 757,536 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2009-01-09 16:52 6,993 a--sh--- c:\winnt\system32\zakumuno.dll
2009-01-09 16:52 7,061 a--sh--- c:\winnt\system32\nisoresu.dll
2009-01-09 16:52 6,862 a--sh--- c:\winnt\system32\yezilewi.dll
2009-01-08 20:31 7,061 a--sh--- c:\winnt\system32\vadumema.dll
2009-01-08 20:31 6,930 a--sh--- c:\winnt\system32\yunopadi.dll
2009-01-08 20:31 6,816 a--sh--- c:\winnt\system32\noleyelo.dll
2009-01-08 07:49 6,816 a--sh--- c:\winnt\system32\yurugahi.dll
2009-01-08 07:49 7,046 a--sh--- c:\winnt\system32\namagitu.dll
2009-01-08 07:49 6,843 a--sh--- c:\winnt\system32\nevetuva.dll
2009-01-07 18:07 7,041 a--sh--- c:\winnt\system32\niyikaho.dll
2009-01-07 18:07 6,917 a--sh--- c:\winnt\system32\sunumudi.dll
2009-01-07 18:07 6,855 a--sh--- c:\winnt\system32\tomomola.dll
2009-01-07 06:02 7,019 a--sh--- c:\winnt\system32\gihiwake.dll
2009-01-07 06:02 6,983 a--sh--- c:\winnt\system32\zoweruna.dll
2009-01-07 06:02 6,855 a--sh--- c:\winnt\system32\lowavoke.dll
2009-01-06 16:39 7,033 a--sh--- c:\winnt\system32\jadiribe.dll
2009-01-06 16:39 7,006 a--sh--- c:\winnt\system32\nuvakuka.dll
2009-01-06 16:39 6,888 a--sh--- c:\winnt\system32\hevaluya.dll
2009-01-03 05:04 7,043 a--sh--- c:\winnt\system32\zisewato.dll
2009-01-03 05:04 7,042 a--sh--- c:\winnt\system32\dojoboli.dll
2009-01-03 05:04 6,821 a--sh--- c:\winnt\system32\sipizeli.dll
2009-01-02 08:02 7,067 a--sh--- c:\winnt\system32\begozebu.dll
2009-01-02 08:02 6,882 a--sh--- c:\winnt\system32\dilotiri.dll
2009-01-02 08:02 6,840 a--sh--- c:\winnt\system32\mugelide.dll
2009-01-01 19:20 7,051 a--sh--- c:\winnt\system32\kikehana.dll
2009-01-01 19:20 6,972 a--sh--- c:\winnt\system32\jugagabi.dll
2009-01-01 19:20 6,831 a--sh--- c:\winnt\system32\livaleze.dll
2009-01-01 07:11 6,974 a--sh--- c:\winnt\system32\pegenemo.dll
2009-01-01 07:11 6,932 a--sh--- c:\winnt\system32\kayiduri.dll
2009-01-01 07:11 6,832 a--sh--- c:\winnt\system32\saseneda.dll
2008-12-31 19:11 6,961 a--sh--- c:\winnt\system32\benagaya.dll
2008-12-31 19:11 6,937 a--sh--- c:\winnt\system32\nuhenehu.dll
2008-12-31 19:11 6,927 a--sh--- c:\winnt\system32\defadipa.dll
2008-12-31 07:10 6,957 a--sh--- c:\winnt\system32\majisero.dll
2008-12-31 07:10 7,032 a--sh--- c:\winnt\system32\ragutali.dll
2008-12-31 07:10 6,842 a--sh--- c:\winnt\system32\dagewoyo.dll
2008-12-12 09:33 3,060,224 -------- c:\winnt\system32\dllcache\mshtml.dll
2008-10-24 20:00 16,384 a------- c:\winnt\DCEBoot.exe
2008-10-24 03:10 453,632 -------- c:\winnt\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\winnt\system32\SET54.tmp
2008-10-23 05:01 283,648 -------- c:\winnt\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\winnt\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\winnt\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\winnt\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\winnt\system32\muweb.dll
2008-10-15 08:57 332,800 -------- c:\winnt\system32\dllcache\netapi32.dll
2008-10-15 01:45 18,432 -------- c:\winnt\system32\dllcache\iedw.exe
2006-04-24 05:21 3,596 ac------ c:\docume~1\admini~1\applic~1\ViewerApp.dat
0000-00-00 00:00 21,504 a--sh--- c:\winnt\system32\gukejibu.dll
2008-09-27 05:29 74,752 a--sh--- c:\winnt\system32\mirajehi.dll

============= FINISH: 15:23:56.40 ===============

"The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)
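As an added triage example (not code from the original post or from any of the tools named in this thread): a small Python script that parses DDS Find3M lines like those above and flags entries showing the pattern visible in the log, namely hidden+system attributes, an eight-letter random name directly in system32, or a zeroed timestamp, then groups hits by creation minute. The sample lines are copied from the DDS log in post #1 plus benign neighbours; the indicators and the two-indicator threshold are my heuristics, not DDS output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One DDS "Find3M" / "Created Last 30" entry:
#   <date> <time> <size-or-<DIR>> <8-char attribute field> <path>
#   2009-01-09 16:52 6,993 a--sh--- c:\winnt\system32\zakumuno.dll
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)

# Eight letters followed by .dll, sitting directly in system32 (the naming
# pattern every flagged file in the DDS log above follows). Heuristic, not a rule.
RANDOM_SYS32_DLL = re.compile(r"^c:\\winnt\\system32\\[a-z]{8}\.dll$", re.I)


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str            # DDS attribute field, e.g. "a--sh---"
    path: str


def parse_dds_line(line: str) -> Optional[Entry]:
    """Parse one DDS file-listing line; return None for headers and blanks."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["date"], m["time"], size, m["attrs"], m["path"])


def reasons(e: Entry) -> List[str]:
    """Indicators (my heuristics) that make a DDS entry worth a closer look."""
    r = []
    if "s" in e.attrs and "h" in e.attrs:
        r.append("hidden+system attributes")
    if RANDOM_SYS32_DLL.match(e.path):
        r.append("8-letter random name in system32")
    if e.date == "0000-00-00":
        r.append("zeroed timestamp")
    return r


def triage(log_text: str, min_indicators: int = 2) -> List[Tuple[Entry, List[str]]]:
    """Return entries carrying at least `min_indicators` indicators.

    Requiring two keeps legitimate hidden+system items such as C:\\cmdcons
    (the XP Recovery Console) off the list."""
    hits = []
    for line in log_text.splitlines():
        e = parse_dds_line(line)
        if e is None:
            continue
        r = reasons(e)
        if len(r) >= min_indicators:
            hits.append((e, r))
    return hits


def batches(hits) -> Dict[Tuple[str, str], List[str]]:
    """Group hits by creation minute: a dropper that writes several stubs at
    once shows up as same-timestamp triplets, as in the log above."""
    groups = defaultdict(list)
    for e, _ in hits:
        groups[(e.date, e.time)].append(e.path)
    return dict(groups)


# Constructed sample: lines copied from the DDS log in post #1 plus benign neighbours.
SAMPLE = r"""
==================== Find3M ====================

2009-01-10 09:30 24,494 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2009-01-09 16:52 6,993 a--sh--- c:\winnt\system32\zakumuno.dll
2009-01-09 16:52 7,061 a--sh--- c:\winnt\system32\nisoresu.dll
2009-01-09 16:52 6,862 a--sh--- c:\winnt\system32\yezilewi.dll
2008-12-22 19:36 73,728 a------- c:\winnt\system32\javacpl.cpl
2008-12-22 19:17 <DIR> a-dshr-- C:\cmdcons
0000-00-00 00:00 21,504 a--sh--- c:\winnt\system32\gukejibu.dll
2008-09-27 05:29 74,752 a--sh--- c:\winnt\system32\mirajehi.dll
"""

if __name__ == "__main__":
    hits = triage(SAMPLE)
    for e, r in hits:
        print(f"{e.date} {e.time} {e.path}  <- {', '.join(r)}")
    for (d, t), paths in batches(hits).items():
        print(f"batch {d} {t}: {len(paths)} file(s)")
```

Of the files this flags, mirajehi.dll is the one Malwarebytes later reports as Trojan.Vundo in post #3, while C:\cmdcons (hidden+system but otherwise normal) stays off the list.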


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 12 January 2009 - 02:59 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 COW8OY

COW8OY
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 17 January 2009 - 12:31 AM


Malwarebytes Log
Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 2

1/16/2009 9:03:53 PM
mbam-log-2009-01-16 (21-03-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130476
Time elapsed: 49 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINNT\system32\bakivige.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\gipunowe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\hiwelilo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\jupaluze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\kazovovi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\kenahapu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\kiyuvuna.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\nanujayi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\nuzepema.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\ropenoya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\samewora.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\visegobu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\wahawiye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\wideyeri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\zopatafi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\system32\zurafogu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP2\A0000112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000663.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000679.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000695.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000696.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000698.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000717.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000708.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000726.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\mirajehi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\wekinimu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\jisubufo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\samovevu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\kayiduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


RSIT Logs

log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-16 21:07:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 173 GB (90%) free of 191 GB
Total RAM: 510 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:42 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helloworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5469 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\At1.job
C:\WINNT\tasks\At10.job
C:\WINNT\tasks\At11.job
C:\WINNT\tasks\At12.job
C:\WINNT\tasks\At13.job
C:\WINNT\tasks\At14.job
C:\WINNT\tasks\At15.job
C:\WINNT\tasks\At16.job
C:\WINNT\tasks\At17.job
C:\WINNT\tasks\At18.job
C:\WINNT\tasks\At19.job
C:\WINNT\tasks\At2.job
C:\WINNT\tasks\At20.job
C:\WINNT\tasks\At21.job
C:\WINNT\tasks\At22.job
C:\WINNT\tasks\At23.job
C:\WINNT\tasks\At24.job
C:\WINNT\tasks\At25.job
C:\WINNT\tasks\At26.job
C:\WINNT\tasks\At27.job
C:\WINNT\tasks\At28.job
C:\WINNT\tasks\At29.job
C:\WINNT\tasks\At3.job
C:\WINNT\tasks\At30.job
C:\WINNT\tasks\At31.job
C:\WINNT\tasks\At32.job
C:\WINNT\tasks\At33.job
C:\WINNT\tasks\At34.job
C:\WINNT\tasks\At35.job
C:\WINNT\tasks\At36.job
C:\WINNT\tasks\At37.job
C:\WINNT\tasks\At38.job
C:\WINNT\tasks\At39.job
C:\WINNT\tasks\At4.job
C:\WINNT\tasks\At40.job
C:\WINNT\tasks\At41.job
C:\WINNT\tasks\At42.job
C:\WINNT\tasks\At43.job
C:\WINNT\tasks\At44.job
C:\WINNT\tasks\At45.job
C:\WINNT\tasks\At46.job
C:\WINNT\tasks\At47.job
C:\WINNT\tasks\At48.job
C:\WINNT\tasks\At5.job
C:\WINNT\tasks\At6.job
C:\WINNT\tasks\At7.job
C:\WINNT\tasks\At8.job
C:\WINNT\tasks\At9.job
C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090050001.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINNT\system32\Ati2mdxx.exe [2001-09-04 28672]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINNT\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINNT\ehome\ehtray.exe [2004-08-03 50176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-09-14 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StacSysTray]
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe [2003-10-23 962560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINNT\vVX3000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
C:\PROGRA~1\YOURSC~1\YOURSC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PassThru"=3
"ose"=3
"nmservice"=2
"nmraapache"=3
"NBService"=3
"MDM"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"gusvc"=3
"Apple Mobile Device"=2
"PrismXL"=2
"LVSrvLauncher"=2
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINNT\system32\zebekeli.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Combat Arms\NMService.exe"="C:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Trend Micro\Internet Security\TmPfw.exe"="C:\Program Files\Trend Micro\Internet Security\TmPfw.exe:*:Enabled:TmPfw"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Trend Micro\BM\TMBMSRV.exe"="C:\Program Files\Trend Micro\BM\TMBMSRV.exe:*:Enabled:TMBMSRV"
"C:\WINNT\system32\wbem\wmiprvse.exe"="C:\WINNT\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\WINNT\system32\userinit.exe"="C:\WINNT\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe:*:Enabled:UfSeAgnt"
"C:\WINNT\system32\sndvol32.exe"="C:\WINNT\system32\sndvol32.exe:*:Enabled:SNDVOL32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176b2d23-155e-11dc-9245-0040ca6bbb4b}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zoweruna.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zisewato.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zakumuno.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yurugahi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yunopadi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yezilewi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\vadumema.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\tomomola.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\sunumudi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\sipizeli.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\saseneda.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\ragutali.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\pegenemo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nuvakuka.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nuhenehu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\noleyelo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\niyikaho.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nisoresu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nevetuva.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\namagitu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\mugelide.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\majisero.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\lowavoke.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\livaleze.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\kikehana.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\jugagabi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\jadiribe.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\hevaluya.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\gukejibu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\gihiwake.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dojoboli.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dilotiri.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\defadipa.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dagewoyo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\benagaya.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\begozebu.dll
2009-01-16 21:07:24 ----D---- C:\rsit
2009-01-16 20:27:26 ----SHD---- C:\RECYCLER
2009-01-16 20:11:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-01-16 20:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-16 20:11:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-10 15:05:31 ----A---- C:\1-10-09ComboRprt.txt
2009-01-10 14:57:57 ----A---- C:\ComboFix.txt
2009-01-10 14:31:28 ----D---- C:\WINNT\temp
2009-01-10 14:27:29 ----A---- C:\WINNT\zip.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\VFIND.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWXCACLS.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWSC.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWREG.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\sed.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\NIRCMD.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\grep.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\fdsv.exe
2009-01-10 14:26:54 ----D---- C:\Qoobox
2009-01-10 09:49:59 ----A---- C:\WINNT\HPGdiPlus.ini
2009-01-10 09:47:17 ----D---- C:\Program Files\HP
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaws.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaw.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\java.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-22 19:17:20 ----A---- C:\Boot.bak
2008-12-22 19:17:03 ----RASHD---- C:\cmdcons
2008-12-22 19:16:03 ----D---- C:\WINNT\ERDNT
2008-12-20 14:40:40 ----D---- C:\Program Files\Lavasoft
2008-12-20 14:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-20 14:39:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 14:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-12-20 13:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-20 13:48:36 ----D---- C:\Program Files\PCPitstop
2008-12-20 13:40:15 ----HDC---- C:\WINNT\$NtUninstallKB958215$
2008-12-20 13:29:55 ----HDC---- C:\WINNT\$NtUninstallKB960714$
2008-12-20 13:26:19 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-20 13:22:17 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2008-12-19 06:01:44 ----A---- C:\WINNT\system32\SET7F.tmp
2008-11-11 19:06:11 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-11 19:04:46 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-01 12:31:28 ----D---- C:\Program Files\Combat Arms
2008-11-01 12:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-24 20:00:27 ----A---- C:\WINNT\DCEBoot.exe
2008-10-24 04:55:34 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-10-23 05:01:36 ----A---- C:\WINNT\system32\SET54.tmp

======List of files/folders modified in the last 3 months======

2009-01-16 21:07:42 ----D---- C:\Program Files\Trend Micro
2009-01-16 21:07:23 ----D---- C:\WINNT\Prefetch
2009-01-16 21:03:52 ----AD---- C:\WINNT\system32
2009-01-16 20:11:30 ----D---- C:\WINNT\system32\drivers
2009-01-16 20:11:25 ----D---- C:\Program Files
2009-01-14 06:02:08 ----A---- C:\WINNT\ModemLog_Conexant SoftK56 Data Fax Modem.txt
2009-01-13 19:52:01 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-01-13 19:49:24 ----D---- C:\WINNT\system32\CatRoot2
2009-01-13 19:47:53 ----D---- C:\WINNT
2009-01-13 19:46:16 ----A---- C:\WINNT\SchedLgU.Txt
2009-01-10 15:32:41 ----RASH---- C:\boot.ini
2009-01-10 15:32:41 ----A---- C:\WINNT\win.ini
2009-01-10 15:32:41 ----A---- C:\WINNT\system.ini
2009-01-10 14:51:57 ----D---- C:\WINNT\system32\config
2009-01-10 14:30:34 ----D---- C:\WINNT\AppPatch
2009-01-10 14:30:34 ----D---- C:\Program Files\Common Files
2009-01-10 14:29:00 ----SD---- C:\WINNT\Downloaded Program Files
2009-01-10 09:52:43 ----HD---- C:\WINNT\inf
2009-01-10 09:52:42 ----D---- C:\Program Files\Hewlett-Packard
2009-01-10 09:47:23 ----SHD---- C:\WINNT\Installer
2009-01-10 09:47:04 ----D---- C:\WINNT\Downloaded Installations
2009-01-10 08:26:58 ----D---- C:\WINNT\system32\CatRoot
2009-01-10 08:17:08 ----AC---- C:\WINNT\ntbtlog.txt
2009-01-09 19:46:12 ----A---- C:\WINNT\NeroDigital.ini
2009-01-09 19:23:00 ----D---- C:\WINNT\system32\wbem
2009-01-02 18:17:32 ----D---- C:\Program Files\Greetings Workshop
2008-12-22 23:22:38 ----SHD---- C:\System Volume Information
2008-12-22 23:22:38 ----D---- C:\WINNT\system32\Restore
2008-12-22 19:36:33 ----D---- C:\Program Files\Java
2008-12-20 13:41:18 ----A---- C:\WINNT\imsins.BAK
2008-12-20 13:40:44 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-20 13:40:38 ----D---- C:\Program Files\Internet Explorer
2008-12-20 13:38:49 ----HD---- C:\WINNT\$hf_mig$
2008-12-02 16:58:19 ----D---- C:\WINNT\Help
2008-11-11 19:03:50 ----D---- C:\WINNT\WinSxS
2008-10-22 01:47:07 ----N---- C:\WINNT\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 cdrbsvsd;cdrbsvsd; C:\WINNT\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINNT\System32\drivers\pclepci.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINNT\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 CX23880;AVerMedia AVerTV MPEG Video Capture (!); C:\WINNT\system32\drivers\cx88vid.sys [2003-10-21 246272]
R2 CX88ENC;AVerMedia AVerTV MPEG Encoder; C:\WINNT\system32\drivers\cx88enc.sys [2003-10-21 294912]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar; C:\WINNT\system32\drivers\CX88XBAR.sys [2003-10-21 6912]
R2 CXTUNE;AVerMedia AVerTV Tuner; C:\WINNT\system32\drivers\CX88TUNE.sys [2003-10-21 30848]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmactmon;tmactmon; \??\C:\WINNT\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINNT\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINNT\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINNT\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINNT\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINNT\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 ASAPIW2k;ASAPIW2K; C:\WINNT\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture; C:\WINNT\system32\drivers\cxavsaud.sys [2003-10-21 8320]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2007-03-14 165760]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidFP;HID Front Panel Driver Service; C:\WINNT\System32\DRIVERS\HidFP.sys [2006-01-23 4128]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINNT\System32\DRIVERS\hidir.sys [2004-08-03 15104]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-07-28 1064448]
R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-07-28 190848]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINNT\System32\DRIVERS\IrBus.sys [2004-08-03 40832]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNT\System32\DRIVERS\MarvinBus.sys [2004-03-29 90464]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2004-07-17 28352]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-08-01 9856]
R3 STAC97;SigmaTel C-Major Audio; C:\WINNT\system32\drivers\STAC97.sys [2003-10-17 252144]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINNT\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-07-28 672256]
S3 61883;61883 Unit Device; C:\WINNT\System32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 Avc;AVC Device; C:\WINNT\System32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINNT\System32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINNT\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 LVcKap;Logitech AEC Driver; C:\WINNT\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINNT\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINNT\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINNT\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pepifilter;Volume Adapter; C:\WINNT\system32\DRIVERS\lv302af.sys [2007-07-18 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINNT\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VX3000;VX-3000; C:\WINNT\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\System32\Ati2evxx.exe [2003-08-12 319488]
R2 ehSched;Media Center Scheduler Service; C:\WINNT\ehome\ehSched.exe [2004-08-03 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-15 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-15 648456]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2003-03-09 65795]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-22 724992]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2006-01-23 57344]

-----------------EOF-----------------

Info.txt
info.txt logfile of random's system information tool 1.05 2009-01-16 21:07:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINNT\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINNT\UNNeroShowTime.exe /UNINSTALL
-->C:\WINNT\UNNeroVision.exe /UNINSTALL
-->C:\WINNT\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Encore DVD 1.0-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}\setup.exe"
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adventures in Typing-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9
Ahead Nero BurnRights-->C:\WINNT\UNNeroBurnRights.exe /UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
DoMore-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5B26C1E-4751-4F03-BC18-634F41F31EC6}\setup.exe" -l0x9
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
FirstClass® Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\Setup.exe" -l0x9 -uninst
Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations-->C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Gateway User's Guide-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 0755407D-BE9E-4D24-8FE4-39C2FBED6FA8 /Prompt
Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood FX 5.5 Additional Effects-->C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC 1100/1200/1300 series Cartridge Compatibility Utility-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\CartridgeCompatibilityUtility\Uninst.isu"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
Intel® PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Luxor - Amun Rising-->"C:\Program Files\MSN Games\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\MSN Games\Luxor - Amun Rising\install.log"
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINNT\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINNT\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe d:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Mystery Case Files - Prime Suspects-->"C:\Program Files\MSN Games\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Case Files - Prime Suspects\install.log"
Nero 7 Ultra Edition-->MsiExec.exe /I{E57D365C-BB31-4288-83EC-5F4EF2D11033}
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Pinnacle Hollywood FX-->C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINNT\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINNT\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINNT\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINNT\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINNT\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINNT\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINNT\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINNT\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINNT\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINNT\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINNT\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINNT\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINNT\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINNT\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINNT\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINNT\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINNT\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
SoftK56 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_3009107B\HXFSETUP.EXE -U -Iask20305.inf
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9 UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINNT\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINNT\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINNT\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINNT\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINNT\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Wheel of Fortune 2 (remove only)-->"C:\Program Files\Sony Online Entertainment\Wheel of Fortune 2\Uninstall Wheel of Fortune 2.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

System event log

Computer Name: S1098537242
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 58859
Source Name: Service Control Manager
Time Written: 20081002060730.000000-420
Event Type: information
User: S1098537242\Administrator

Computer Name: S1098537242
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 58858
Source Name: Service Control Manager
Time Written: 20081002060730.000000-420
Event Type: information
User:

Computer Name: S1098537242
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 58857
Source Name: Service Control Manager
Time Written: 20081002060730.000000-420
Event Type: information
User:

Computer Name: S1098537242
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 58856
Source Name: Service Control Manager
Time Written: 20081002060730.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: S1098537242
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 58855
Source Name: Service Control Manager
Time Written: 20081002060730.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: S1098537242
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101

Record Number: 2008
Source Name: crypt32
Time Written: 20060414081914.000000-420
Event Type: error
User:

Computer Name: S1098537242
Event Code: 2
Message: Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

Record Number: 2007
Source Name: crypt32
Time Written: 20060414081914.000000-420
Event Type: information
User:

Computer Name: S1098537242
Event Code: 7
Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 2006
Source Name: crypt32
Time Written: 20060414081914.000000-420
Event Type: information
User:

Computer Name: S1098537242
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101

Record Number: 2005
Source Name: crypt32
Time Written: 20060414081914.000000-420
Event Type: error
User:

Computer Name: S1098537242
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101

Record Number: 2004
Source Name: crypt32
Time Written: 20060414081914.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

TY!



"The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:11:14 PM

Posted 17 January 2009 - 02:38 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINNT\tasks\At*.job
    C:\WINNT\system32\zebekeli.dll
    C:\WINNT\system32\zoweruna.dll
    C:\WINNT\system32\zisewato.dll
    C:\WINNT\system32\zakumuno.dll
    C:\WINNT\system32\yurugahi.dll
    C:\WINNT\system32\yunopadi.dll
    C:\WINNT\system32\yezilewi.dll
    C:\WINNT\system32\vadumema.dll
    C:\WINNT\system32\tomomola.dll
    C:\WINNT\system32\sunumudi.dll
    C:\WINNT\system32\sipizeli.dll
    C:\WINNT\system32\saseneda.dll
    C:\WINNT\system32\ragutali.dll
    C:\WINNT\system32\pegenemo.dll
    C:\WINNT\system32\nuvakuka.dll
    C:\WINNT\system32\nuhenehu.dll
    C:\WINNT\system32\noleyelo.dll
    C:\WINNT\system32\niyikaho.dll
    C:\WINNT\system32\nisoresu.dll
    C:\WINNT\system32\nevetuva.dll
    C:\WINNT\system32\namagitu.dll
    C:\WINNT\system32\mugelide.dll
    C:\WINNT\system32\majisero.dll
    C:\WINNT\system32\lowavoke.dll
    C:\WINNT\system32\livaleze.dll
    C:\WINNT\system32\kikehana.dll
    C:\WINNT\system32\jugagabi.dll
    C:\WINNT\system32\jadiribe.dll
    C:\WINNT\system32\hevaluya.dll
    C:\WINNT\system32\gukejibu.dll
    C:\WINNT\system32\gihiwake.dll
    C:\WINNT\system32\dojoboli.dll
    C:\WINNT\system32\dilotiri.dll
    C:\WINNT\system32\defadipa.dll
    C:\WINNT\system32\dagewoyo.dll
    C:\WINNT\system32\benagaya.dll
    C:\WINNT\system32\begozebu.dll
    c:\winnt\system32\gukejibu.dll
    c:\winnt\system32\mirajehi.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT and DDS again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt
3. DDS.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 COW8OY

COW8OY
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:14 AM

Posted 17 January 2009 - 10:53 AM

OTMoveIt3 Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINNT\tasks\At1.job moved successfully.
C:\WINNT\tasks\At10.job moved successfully.
C:\WINNT\tasks\At11.job moved successfully.
C:\WINNT\tasks\At12.job moved successfully.
C:\WINNT\tasks\At13.job moved successfully.
C:\WINNT\tasks\At14.job moved successfully.
C:\WINNT\tasks\At15.job moved successfully.
C:\WINNT\tasks\At16.job moved successfully.
C:\WINNT\tasks\At17.job moved successfully.
C:\WINNT\tasks\At18.job moved successfully.
C:\WINNT\tasks\At19.job moved successfully.
C:\WINNT\tasks\At2.job moved successfully.
C:\WINNT\tasks\At20.job moved successfully.
C:\WINNT\tasks\At21.job moved successfully.
C:\WINNT\tasks\At22.job moved successfully.
C:\WINNT\tasks\At23.job moved successfully.
C:\WINNT\tasks\At24.job moved successfully.
C:\WINNT\tasks\At25.job moved successfully.
C:\WINNT\tasks\At26.job moved successfully.
C:\WINNT\tasks\At27.job moved successfully.
C:\WINNT\tasks\At28.job moved successfully.
C:\WINNT\tasks\At29.job moved successfully.
C:\WINNT\tasks\At3.job moved successfully.
C:\WINNT\tasks\At30.job moved successfully.
C:\WINNT\tasks\At31.job moved successfully.
C:\WINNT\tasks\At32.job moved successfully.
C:\WINNT\tasks\At33.job moved successfully.
C:\WINNT\tasks\At34.job moved successfully.
C:\WINNT\tasks\At35.job moved successfully.
C:\WINNT\tasks\At36.job moved successfully.
C:\WINNT\tasks\At37.job moved successfully.
C:\WINNT\tasks\At38.job moved successfully.
C:\WINNT\tasks\At39.job moved successfully.
C:\WINNT\tasks\At4.job moved successfully.
C:\WINNT\tasks\At40.job moved successfully.
C:\WINNT\tasks\At41.job moved successfully.
C:\WINNT\tasks\At42.job moved successfully.
C:\WINNT\tasks\At43.job moved successfully.
C:\WINNT\tasks\At44.job moved successfully.
C:\WINNT\tasks\At45.job moved successfully.
C:\WINNT\tasks\At46.job moved successfully.
C:\WINNT\tasks\At47.job moved successfully.
C:\WINNT\tasks\At48.job moved successfully.
C:\WINNT\tasks\At5.job moved successfully.
C:\WINNT\tasks\At6.job moved successfully.
C:\WINNT\tasks\At7.job moved successfully.
C:\WINNT\tasks\At8.job moved successfully.
C:\WINNT\tasks\At9.job moved successfully.
File/Folder C:\WINNT\system32\zebekeli.dll not found.
LoadLibrary failed for C:\WINNT\system32\zoweruna.dll
C:\WINNT\system32\zoweruna.dll NOT unregistered.
C:\WINNT\system32\zoweruna.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\zisewato.dll
C:\WINNT\system32\zisewato.dll NOT unregistered.
C:\WINNT\system32\zisewato.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\zakumuno.dll
C:\WINNT\system32\zakumuno.dll NOT unregistered.
C:\WINNT\system32\zakumuno.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yurugahi.dll
C:\WINNT\system32\yurugahi.dll NOT unregistered.
C:\WINNT\system32\yurugahi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yunopadi.dll
C:\WINNT\system32\yunopadi.dll NOT unregistered.
C:\WINNT\system32\yunopadi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yezilewi.dll
C:\WINNT\system32\yezilewi.dll NOT unregistered.
C:\WINNT\system32\yezilewi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\vadumema.dll
C:\WINNT\system32\vadumema.dll NOT unregistered.
C:\WINNT\system32\vadumema.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\tomomola.dll
C:\WINNT\system32\tomomola.dll NOT unregistered.
C:\WINNT\system32\tomomola.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\sunumudi.dll
C:\WINNT\system32\sunumudi.dll NOT unregistered.
C:\WINNT\system32\sunumudi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\sipizeli.dll
C:\WINNT\system32\sipizeli.dll NOT unregistered.
C:\WINNT\system32\sipizeli.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\saseneda.dll
C:\WINNT\system32\saseneda.dll NOT unregistered.
C:\WINNT\system32\saseneda.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\ragutali.dll
C:\WINNT\system32\ragutali.dll NOT unregistered.
C:\WINNT\system32\ragutali.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\pegenemo.dll
C:\WINNT\system32\pegenemo.dll NOT unregistered.
C:\WINNT\system32\pegenemo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nuvakuka.dll
C:\WINNT\system32\nuvakuka.dll NOT unregistered.
C:\WINNT\system32\nuvakuka.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nuhenehu.dll
C:\WINNT\system32\nuhenehu.dll NOT unregistered.
C:\WINNT\system32\nuhenehu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\noleyelo.dll
C:\WINNT\system32\noleyelo.dll NOT unregistered.
C:\WINNT\system32\noleyelo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\niyikaho.dll
C:\WINNT\system32\niyikaho.dll NOT unregistered.
C:\WINNT\system32\niyikaho.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nisoresu.dll
C:\WINNT\system32\nisoresu.dll NOT unregistered.
C:\WINNT\system32\nisoresu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nevetuva.dll
C:\WINNT\system32\nevetuva.dll NOT unregistered.
C:\WINNT\system32\nevetuva.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\namagitu.dll
C:\WINNT\system32\namagitu.dll NOT unregistered.
C:\WINNT\system32\namagitu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\mugelide.dll
C:\WINNT\system32\mugelide.dll NOT unregistered.
C:\WINNT\system32\mugelide.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\majisero.dll
C:\WINNT\system32\majisero.dll NOT unregistered.
C:\WINNT\system32\majisero.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\lowavoke.dll
C:\WINNT\system32\lowavoke.dll NOT unregistered.
C:\WINNT\system32\lowavoke.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\livaleze.dll
C:\WINNT\system32\livaleze.dll NOT unregistered.
C:\WINNT\system32\livaleze.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\kikehana.dll
C:\WINNT\system32\kikehana.dll NOT unregistered.
C:\WINNT\system32\kikehana.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\jugagabi.dll
C:\WINNT\system32\jugagabi.dll NOT unregistered.
C:\WINNT\system32\jugagabi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\jadiribe.dll
C:\WINNT\system32\jadiribe.dll NOT unregistered.
C:\WINNT\system32\jadiribe.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\hevaluya.dll
C:\WINNT\system32\hevaluya.dll NOT unregistered.
C:\WINNT\system32\hevaluya.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\gukejibu.dll
C:\WINNT\system32\gukejibu.dll NOT unregistered.
C:\WINNT\system32\gukejibu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\gihiwake.dll
C:\WINNT\system32\gihiwake.dll NOT unregistered.
C:\WINNT\system32\gihiwake.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dojoboli.dll
C:\WINNT\system32\dojoboli.dll NOT unregistered.
C:\WINNT\system32\dojoboli.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dilotiri.dll
C:\WINNT\system32\dilotiri.dll NOT unregistered.
C:\WINNT\system32\dilotiri.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\defadipa.dll
C:\WINNT\system32\defadipa.dll NOT unregistered.
C:\WINNT\system32\defadipa.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dagewoyo.dll
C:\WINNT\system32\dagewoyo.dll NOT unregistered.
C:\WINNT\system32\dagewoyo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\benagaya.dll
C:\WINNT\system32\benagaya.dll NOT unregistered.
C:\WINNT\system32\benagaya.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\begozebu.dll
C:\WINNT\system32\begozebu.dll NOT unregistered.
C:\WINNT\system32\begozebu.dll moved successfully.
File/Folder c:\winnt\system32\gukejibu.dll not found.
File/Folder c:\winnt\system32\mirajehi.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINNT\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_072942

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINNT\temp\Perflib_Perfdata_cc.dat not found!

RSIT Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-17 07:43:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 173 GB (90%) free of 191 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:16 AM, on 1/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
C:\WINNT\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helloworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5168 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090050001.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINNT\system32\Ati2mdxx.exe [2001-09-04 28672]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINNT\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINNT\ehome\ehtray.exe [2004-08-03 50176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-09-14 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StacSysTray]
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe [2003-10-23 962560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINNT\vVX3000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
C:\PROGRA~1\YOURSC~1\YOURSC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PassThru"=3
"ose"=3
"nmservice"=2
"nmraapache"=3
"NBService"=3
"MDM"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"gusvc"=3
"Apple Mobile Device"=2
"PrismXL"=2
"LVSrvLauncher"=2
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Combat Arms\NMService.exe"="C:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Trend Micro\Internet Security\TmPfw.exe"="C:\Program Files\Trend Micro\Internet Security\TmPfw.exe:*:Enabled:TmPfw"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Trend Micro\BM\TMBMSRV.exe"="C:\Program Files\Trend Micro\BM\TMBMSRV.exe:*:Enabled:TMBMSRV"
"C:\WINNT\system32\wbem\wmiprvse.exe"="C:\WINNT\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\WINNT\system32\userinit.exe"="C:\WINNT\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe:*:Enabled:UfSeAgnt"
"C:\WINNT\system32\sndvol32.exe"="C:\WINNT\system32\sndvol32.exe:*:Enabled:SNDVOL32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176b2d23-155e-11dc-9245-0040ca6bbb4b}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-01-17 07:29:42 ----D---- C:\_OTMoveIt
2009-01-16 21:12:40 ----A---- C:\WINNT\gmer.ini
2009-01-16 21:12:39 ----A---- C:\WINNT\gmer_uninstall.cmd
2009-01-16 21:12:39 ----A---- C:\WINNT\gmer.dll
2009-01-16 21:12:38 ----RA---- C:\WINNT\gmer.exe
2009-01-16 21:07:24 ----D---- C:\rsit
2009-01-16 20:27:26 ----SHD---- C:\RECYCLER
2009-01-16 20:11:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-01-16 20:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-16 20:11:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-10 15:05:31 ----A---- C:\1-10-09ComboRprt.txt
2009-01-10 14:57:57 ----A---- C:\ComboFix.txt
2009-01-10 14:31:28 ----D---- C:\WINNT\temp
2009-01-10 14:27:29 ----A---- C:\WINNT\zip.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\VFIND.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWXCACLS.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWSC.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\SWREG.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\sed.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\NIRCMD.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\grep.exe
2009-01-10 14:27:29 ----A---- C:\WINNT\fdsv.exe
2009-01-10 14:26:54 ----D---- C:\Qoobox
2009-01-10 09:49:59 ----A---- C:\WINNT\HPGdiPlus.ini
2009-01-10 09:47:17 ----D---- C:\Program Files\HP
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaws.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaw.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\java.exe
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-22 19:17:20 ----A---- C:\Boot.bak
2008-12-22 19:17:03 ----RASHD---- C:\cmdcons
2008-12-22 19:16:03 ----D---- C:\WINNT\ERDNT
2008-12-20 14:40:40 ----D---- C:\Program Files\Lavasoft
2008-12-20 14:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-20 14:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-12-20 13:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-20 13:48:36 ----D---- C:\Program Files\PCPitstop
2008-12-20 13:40:15 ----HDC---- C:\WINNT\$NtUninstallKB958215$
2008-12-20 13:29:55 ----HDC---- C:\WINNT\$NtUninstallKB960714$
2008-12-20 13:26:19 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-20 13:22:17 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2008-12-19 06:01:44 ----A---- C:\WINNT\system32\SET7F.tmp
2008-11-11 19:06:11 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-11 19:04:46 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-01 12:31:28 ----D---- C:\Program Files\Combat Arms
2008-11-01 12:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-24 20:00:27 ----A---- C:\WINNT\DCEBoot.exe
2008-10-24 04:55:34 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-10-23 05:01:36 ----A---- C:\WINNT\system32\SET54.tmp

======List of files/folders modified in the last 3 months======

2009-01-17 07:43:07 ----D---- C:\Program Files\Trend Micro
2009-01-17 07:36:09 ----AD---- C:\WINNT\system32
2009-01-17 07:36:09 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-01-17 07:35:50 ----D---- C:\WINNT\system32\CatRoot2
2009-01-17 07:35:33 ----D---- C:\WINNT\Prefetch
2009-01-17 07:32:03 ----D---- C:\WINNT
2009-01-17 07:30:44 ----A---- C:\WINNT\SchedLgU.Txt
2009-01-17 07:29:42 ----SD---- C:\WINNT\Tasks
2009-01-17 07:22:50 ----SHD---- C:\WINNT\Installer
2009-01-17 07:22:50 ----D---- C:\Program Files\Common Files
2009-01-17 07:22:46 ----D---- C:\WINNT\system32\drivers
2009-01-16 22:02:58 ----A---- C:\WINNT\ModemLog_Conexant SoftK56 Data Fax Modem.txt
2009-01-16 21:44:32 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-16 20:11:25 ----D---- C:\Program Files
2009-01-10 15:32:41 ----RASH---- C:\boot.ini
2009-01-10 15:32:41 ----A---- C:\WINNT\win.ini
2009-01-10 15:32:41 ----A---- C:\WINNT\system.ini
2009-01-10 14:51:57 ----D---- C:\WINNT\system32\config
2009-01-10 14:30:34 ----D---- C:\WINNT\AppPatch
2009-01-10 14:29:00 ----SD---- C:\WINNT\Downloaded Program Files
2009-01-10 09:52:43 ----HD---- C:\WINNT\inf
2009-01-10 09:52:42 ----D---- C:\Program Files\Hewlett-Packard
2009-01-10 09:47:04 ----D---- C:\WINNT\Downloaded Installations
2009-01-10 08:26:58 ----D---- C:\WINNT\system32\CatRoot
2009-01-10 08:17:08 ----AC---- C:\WINNT\ntbtlog.txt
2009-01-09 19:46:12 ----A---- C:\WINNT\NeroDigital.ini
2009-01-09 19:23:00 ----D---- C:\WINNT\system32\wbem
2009-01-02 18:17:32 ----D---- C:\Program Files\Greetings Workshop
2008-12-22 23:22:38 ----SHD---- C:\System Volume Information
2008-12-22 23:22:38 ----D---- C:\WINNT\system32\Restore
2008-12-22 19:36:33 ----D---- C:\Program Files\Java
2008-12-20 13:41:18 ----A---- C:\WINNT\imsins.BAK
2008-12-20 13:40:44 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-20 13:40:38 ----D---- C:\Program Files\Internet Explorer
2008-12-20 13:38:49 ----HD---- C:\WINNT\$hf_mig$
2008-12-02 16:58:19 ----D---- C:\WINNT\Help
2008-11-11 19:03:50 ----D---- C:\WINNT\WinSxS
2008-10-22 01:47:07 ----N---- C:\WINNT\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 cdrbsvsd;cdrbsvsd; C:\WINNT\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINNT\System32\drivers\pclepci.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINNT\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 CX23880;AVerMedia AVerTV MPEG Video Capture (!); C:\WINNT\system32\drivers\cx88vid.sys [2003-10-21 246272]
R2 CX88ENC;AVerMedia AVerTV MPEG Encoder; C:\WINNT\system32\drivers\cx88enc.sys [2003-10-21 294912]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar; C:\WINNT\system32\drivers\CX88XBAR.sys [2003-10-21 6912]
R2 CXTUNE;AVerMedia AVerTV Tuner; C:\WINNT\system32\drivers\CX88TUNE.sys [2003-10-21 30848]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmcomm;tmcomm; \??\C:\WINNT\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINNT\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINNT\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINNT\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 ASAPIW2k;ASAPIW2K; C:\WINNT\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture; C:\WINNT\system32\drivers\cxavsaud.sys [2003-10-21 8320]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2007-03-14 165760]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidFP;HID Front Panel Driver Service; C:\WINNT\System32\DRIVERS\HidFP.sys [2006-01-23 4128]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINNT\System32\DRIVERS\hidir.sys [2004-08-03 15104]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-07-28 1064448]
R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-07-28 190848]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINNT\System32\DRIVERS\IrBus.sys [2004-08-03 40832]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNT\System32\DRIVERS\MarvinBus.sys [2004-03-29 90464]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2004-07-17 28352]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-08-01 9856]
R3 STAC97;SigmaTel C-Major Audio; C:\WINNT\system32\drivers\STAC97.sys [2003-10-17 252144]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINNT\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-07-28 672256]
S2 tmactmon;tmactmon; \??\C:\WINNT\system32\drivers\tmactmon.sys []
S2 tmevtmgr;tmevtmgr; \??\C:\WINNT\system32\drivers\tmevtmgr.sys []
S3 61883;61883 Unit Device; C:\WINNT\System32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 Avc;AVC Device; C:\WINNT\System32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINNT\System32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINNT\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\WINNT\System32\DRIVERS\gmer.sys [2009-01-16 85969]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 LVcKap;Logitech AEC Driver; C:\WINNT\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINNT\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINNT\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINNT\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pepifilter;Volume Adapter; C:\WINNT\system32\DRIVERS\lv302af.sys [2007-07-18 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINNT\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VX3000;VX-3000; C:\WINNT\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\System32\Ati2evxx.exe [2003-08-12 319488]
R2 ehSched;Media Center Scheduler Service; C:\WINNT\ehome\ehSched.exe [2004-08-03 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
S2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2003-03-09 65795]
S3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-15 488768]
S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-15 648456]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-22 724992]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2006-01-23 57344]

-----------------EOF-----------------

DDS.txt Log


DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 7:46:14.48 on Sat 01/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.264 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.helloworld.com/
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\winnt\system32\drivers\cxavsaud.sys [2003-10-11 8320]
R3 HidFP;HID Front Panel Driver Service;c:\winnt\system32\drivers\HidFP.sys [2006-1-23 4128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\winnt\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar;c:\winnt\system32\drivers\cx88xbar.sys [2003-10-11 6912]
R4 tmpreflt;tmpreflt;c:\winnt\system32\drivers\tmpreflt.sys [2007-12-16 36368]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-9-13 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-9-13 648456]
S4 tmevtmgr;tmevtmgr;c:\winnt\system32\drivers\tmevtmgr.sys [2008-9-13 52240]

=============== Created Last 30 ================

2009-01-17 07:29 <DIR> --d----- C:\_OTMoveIt
2009-01-16 21:12 250 a------- c:\winnt\gmer.ini
2009-01-16 20:11 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-01-16 20:11 15,504 a------- c:\winnt\system32\drivers\mbam.sys
2009-01-16 20:11 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-01-16 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-16 20:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 14:27 161,792 a------- c:\winnt\SWREG.exe
2009-01-10 14:27 98,816 a------- c:\winnt\sed.exe
2009-01-10 09:49 206 a------- c:\winnt\HPGdiPlus.ini
2009-01-10 09:47 <DIR> --d----- c:\program files\HP
2008-12-22 19:36 73,728 a------- c:\winnt\system32\javacpl.cpl
2008-12-22 19:36 410,984 a------- c:\winnt\system32\deploytk.dll
2008-12-22 19:17 <DIR> a-dshr-- C:\cmdcons
2008-12-20 14:40 <DIR> --d----- c:\program files\Lavasoft
2008-12-20 14:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-12-20 13:48 <DIR> --d----- c:\program files\PCPitstop
2008-12-19 06:01 3,060,224 a------- c:\winnt\system32\SET7F.tmp

==================== Find3M ====================

2009-01-16 20:32 24,494 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2009-01-10 09:27 757,536 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2008-12-12 09:33 3,060,224 -------- c:\winnt\system32\dllcache\mshtml.dll
2008-11-26 17:42 205,328 a------- c:\winnt\system32\drivers\tmxpflt.sys
2008-11-26 17:42 36,368 a------- c:\winnt\system32\drivers\tmpreflt.sys
2008-11-26 17:39 1,195,384 a------- c:\winnt\system32\drivers\vsapint.sys
2008-10-24 20:00 16,384 a------- c:\winnt\DCEBoot.exe
2008-10-24 03:10 453,632 -------- c:\winnt\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\winnt\system32\SET54.tmp
2008-10-23 05:01 283,648 -------- c:\winnt\system32\dllcache\gdi32.dll
2006-04-24 05:21 3,596 ac------ c:\docume~1\admini~1\applic~1\ViewerApp.dat

============= FINISH: 7:46:43.37 ===============

:thumbsup:


"The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 17 January 2009 - 03:10 PM

Nice.. Let's do an online scan to see what might be left...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 COW8OY

COW8OY
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 17 January 2009 - 05:15 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3773 (20090117)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=599d65ebd1437d49826a235aa2d5c1bd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-17 09:41:21
# local_time=2009-01-17 01:41:21 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=308263
# found=0
# scan_time=2106

Computer is crisp and clean now. TY! :thumbsup:

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 17 January 2009 - 05:19 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512



#9 COW8OY

COW8OY
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 17 January 2009 - 07:02 PM

Very smooth. Thank you very much. I will be sure to hit the PayPal button.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 18 January 2009 - 02:37 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or a Moderator regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512





