
Virtumonde Infestation


20 replies to this topic

#1 tunch

tunch

  • Members
  • 19 posts

Posted 10 January 2009 - 07:04 PM

I have picked up a Virtumonde virus on our family laptop. We are experiencing many, many pop-ups. One of the most notable is the Antivirus 2009 popup. Any assistance would be greatly appreciated. The DDS file is pasted below. Thank you.

Tunch


DDS (Ver_09-01-07.01) - NTFSx86
Run by itcorp at 18:33:06.21 on Sat 01/10/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.41 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\COMMON~1\mkkr\mkkrm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\mkkr\mkkra.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\itcorp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://business.dellnet.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://business.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://business.dellnet.com/
uInternet Connection Wizard,ShellNext = hxxp://business.dellnet.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRIyVmM.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {9AA1DDF4-CDBA-4A89-8BC1-A0A6B8AA054D} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {d3a7b68e-b63d-4cc3-a406-ec09d85b6ef5} - c:\windows\system32\nnnoLDSi.dll
BHO: {E1D7827E-8874-4EBF-A699-05B6FE3C00B5} - No File
BHO: {EB639091-2A0C-4FAB-B366-55D1394D76A2} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [mkkr] c:\progra~1\common~1\mkkr\mkkrm.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [CARPService] carpserv.exe
mRun: [bascstray] BascsTray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [<NO NAME>] "%1" %*
mRun: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\internat.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [6444e8df] rundll32.exe "c:\windows\system32\oigovawq.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: rqRIyVmM - rqRIyVmM.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: zicvdq.dll sunqrl.dll bmszcr.dll hhdhty.dll uyuahp.dll iuudag.dll teelqo.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRIyVmM.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnoLDSi
LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-14 59328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-23 24652]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\system32\svchost.exe -k netsvcs [2004-10-15 12800]
S4 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

=============== Created Last 30 ================

2009-01-10 18:06 <DIR> --d----- c:\program files\CCleaner
2009-01-10 17:14 129,024 a------- c:\windows\system32\teelqo.dll
2009-01-10 17:14 129,024 a------- c:\windows\system32\lnkhvpao.dll
2009-01-10 17:12 1,256,329 ---sh--- c:\windows\system32\eymndlmr.ini
2009-01-10 17:12 72,704 a------- c:\windows\system32\rmldnmye.dll
2008-12-27 12:04 129,024 a------- c:\windows\system32\xkuiff.dll
2008-12-27 12:04 129,024 a------- c:\windows\system32\cnejlvah.dll
2008-12-27 11:59 1,301,095 ---sh--- c:\windows\system32\jopbahdu.ini
2008-12-27 11:58 72,704 a------- c:\windows\system32\udhabpoj.dll
2008-12-22 14:09 1,661,209 ---sh--- c:\windows\system32\nmwmjajn.ini
2008-12-22 14:09 72,704 a------- c:\windows\system32\njajmwmn.dll
2008-12-21 15:24 0 a------- c:\windows\system32\mcrh.tmp
2008-12-21 15:21 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2008-12-21 15:07 <DIR> --d----- c:\docume~1\itcorp\applic~1\Symantec
2008-12-21 14:07 1,661,209 ---sh--- c:\windows\system32\wxfpqahb.ini
2008-12-21 14:07 72,704 a------- c:\windows\system32\bhaqpfxw.dll
2008-12-21 14:05 129,024 a------- c:\windows\system32\iuudag.dll
2008-12-21 14:05 129,024 a------- c:\windows\system32\udyleboe.dll
2008-12-20 10:31 129,024 a------- c:\windows\system32\uyuahp.dll
2008-12-20 10:31 129,024 a------- c:\windows\system32\sqshyrfl.dll
2008-12-20 09:55 1,663,458 ---sh--- c:\windows\system32\ulsuupvg.ini
2008-12-20 09:55 72,704 a------- c:\windows\system32\gvpuuslu.dll
2008-12-18 15:58 1,663,458 ---sh--- c:\windows\system32\vsjixwqk.ini
2008-12-18 15:52 129,024 a------- c:\windows\system32\hhdhty.dll
2008-12-18 15:52 129,024 a------- c:\windows\system32\etkeprtn.dll
2008-12-18 10:00 129,024 a------- c:\windows\system32\bmszcr.dll
2008-12-18 10:00 129,024 a------- c:\windows\system32\ahhfnggo.dll
2008-12-16 15:53 129,024 a------- c:\windows\system32\sunqrl.dll
2008-12-16 15:53 129,024 a------- c:\windows\system32\hayqptix.dll
2008-12-16 15:50 1,663,458 ---sh--- c:\windows\system32\atmlekni.ini
2008-12-15 17:23 1,646,212 ---sh--- c:\windows\system32\qwavogio.ini
2008-12-15 17:20 129,024 a------- c:\windows\system32\zicvdq.dll
2008-12-15 17:20 129,024 a------- c:\windows\system32\lfcnyiwc.dll
2008-12-14 18:44 674,909 a--sh--- c:\windows\system32\iSDLonnn.ini2
2008-12-14 17:00 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-14 15:53 129,024 a------- c:\windows\system32\fnqbnv.dll
2008-12-14 15:53 129,024 a------- c:\windows\system32\yyvjadfr.dll
2008-12-14 15:45 72,704 a------- c:\windows\system32\gosoluss.dll
2008-12-13 11:44 129,024 a------- c:\windows\system32\yhnwyu.dll
2008-12-13 11:44 129,024 a------- c:\windows\system32\jkombocn.dll
2008-12-13 11:43 72,704 a------- c:\windows\system32\omsrvkul.dll
2008-12-11 20:27 129,024 a------- c:\windows\system32\vxkluk.dll
2008-12-11 20:27 129,024 a------- c:\windows\system32\eboawdjs.dll

==================== Find3M ====================

2008-12-06 13:17 302,592 a------- c:\windows\system32\nnnoLDSi.dll
2008-12-06 13:12 34,816 a------- c:\windows\system32\rqRIyVmM.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2007-04-04 19:36 56,912 a------- c:\documents and settings\itcorp\g2mdlhlpx.exe

============= FINISH: 18:34:44.44 ===============
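
The DDS log in the post above lists autostart load points (BHO, Notify, AppInit_DLLs, LSA and Run entries) alongside its "Created Last 30" and "Find3M" file listings. As an added example, not part of the original post or of the DDS tool, this Python script cross-references the two so that load points backed by listed files stand out. The sample log is constructed, and the set of watched prefixes is an assumption of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the DDS layout; every file name and GUID is made up.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - c:\program files\example\helper.dll
BHO: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - c:\windows\system32\qzExAmPl.dll
mRun: [vendor] c:\program files\vendor\tray.exe
mRun: [1a2b3c4d] rundll32.exe "c:\windows\system32\xmplrndl.dll",b
Notify: qzExAmPl - qzExAmPl.dll
AppInit_DLLs: xmplaa.dll xmplbb.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qzExAmPl
LSA: Notification Packages = scecli

=============== Created Last 30 ================

2009-01-10 17:14 129,024 a------- c:\windows\system32\xmplbb.dll
2009-01-09 10:00 <DIR> --d----- c:\program files\Example
2008-12-15 17:20 129,024 a------- c:\windows\system32\xmplaa.dll

==================== Find3M ====================

2008-12-06 13:12 34,816 a------- c:\windows\system32\qzExAmPl.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
LISTING_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (\S+) \S+ (.+)$")
DLL_RE = re.compile(r'([^\s"=,]+\.dll)\b', re.IGNORECASE)
# Load points this example watches (an assumption, not a DDS feature).
WATCHED = ("BHO:", "Notify:", "AppInit_DLLs:", "SEH:", "mRun:", "uRun:")
LSA_PREFIX = "LSA: Authentication Packages ="
LSA_DEFAULTS = {"msv1_0"}  # stock Windows authentication package


def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def listed_files(lines):
    """Return {lowercase file stem: date} for the files in a DDS listing."""
    files = {}
    for line in lines:
        match = LISTING_RE.match(line)
        if match and match.group(2) != "<DIR>":  # directories are skipped
            stem = PureWindowsPath(match.group(3)).stem.lower()
            files[stem] = match.group(1)
    return files


def load_point_modules(lines):
    """Yield (load point kind, lowercase module stem) for watched entries."""
    for line in lines:
        if line.startswith(LSA_PREFIX):
            # LSA packages are listed without the .dll extension.
            for token in line[len(LSA_PREFIX):].split():
                stem = PureWindowsPath(token).stem.lower()
                if stem not in LSA_DEFAULTS:
                    yield "LSA Authentication Packages", stem
        elif line.startswith(WATCHED):
            kind = line.split(":", 1)[0]
            for name in DLL_RE.findall(line):
                yield kind, PureWindowsPath(name).stem.lower()


def triage(text):
    """Return (kind, module, listing, date) for load points with a listed file.

    Matching is by file name only, because AppInit_DLLs and Notify entries
    often carry no path.
    """
    sections = split_sections(text)
    recent = listed_files(sections.get("Created Last 30", []))
    find3m = listed_files(sections.get("Find3M", []))
    findings = []
    for kind, stem in load_point_modules(sections.get("Pseudo HJT Report", [])):
        if stem in recent:
            findings.append((kind, stem, "Created Last 30", recent[stem]))
        elif stem in find3m:
            findings.append((kind, stem, "Find3M", find3m[stem]))
    return findings


if __name__ == "__main__":
    for kind, stem, listing, date in triage(SAMPLE_DDS):
        print(f"{kind:<28} {stem:<10} {listing:<16} {date}")
```

Matches are leads for review, not verdicts: legitimate installers also drop DLLs and register load points for them. A module that shows up under several load points at once deserves the first look.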



#2 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • Gender:Male
  • Location:Cornwall, UK

Posted 11 January 2009 - 08:14 AM

Hello and welcome to the forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Absence of symptoms does not mean that everything is clear.
NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
MRU Master of Malware Removal University

Member of UNITE and ASAP

#3 Bio-Hazard


Posted 11 January 2009 - 10:23 AM

BACKDOOR TROJAN

I'm afraid I have some bad news for you. Your computer has multiple infections, including a BACKDOOR TROJAN. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so. As long as you remember this: I can offer no assurances that the system will be secure afterwards.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

#4 tunch


Posted 11 January 2009 - 12:47 PM

BioHazard,

Thank you. We would like to try to clean this computer up. I do not have access to original OS. I understand that your solutions may not solve all issues. This particular computer is primarily to access online games, AIM, etc. for the younger members of the family, so we will advise the banks just in case. Thank you.

Here is the big question: The computer shares a wireless network with the computer that we do use for personal banking, etc. There is not a possibility that they can jump from one to the other.....is there?

Look forward to hearing your reply,

Tunch

#5 Bio-Hazard


Posted 11 January 2009 - 02:06 PM

Here is the big question: The computer shares a wireless network with the computer that we do use for personal banking, etc. There is not a possibility that they can jump from one to the other.....is there?


Yes, there is a possibility that the other computers might be infected as well. They need to be checked out as well. How many computers do you have? At the moment I will only deal with this computer.

Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternate download link 1
Alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the Perform Full Scan option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


random's system information tool (RSIT)
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes Antimalware Log
  • RSIT logs, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • A description of how your computer is behaving


#6 tunch


Posted 11 January 2009 - 05:34 PM

Biohazard,

We have 2 other computers that run off the wireless network. After running the malware deal there were no pop-up issues as I prepared this information for you, which is a great improvement.

As you will see, the malware scan was not able to clean everything.

Here are the logs. Thanks!

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 1

1/11/2009 5:13:21 PM
mbam-log-2009-01-11 (17-13-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119444
Time elapsed: 45 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 12
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 66

Memory Processes Infected:
C:\Program Files\Common Files\mkkr\mkkrm.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Common Files\mkkr\mkkra.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\nnnoLDSi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rmldnmye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rqRIyVmM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\zicvdq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sunqrl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\bmszcr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hhdhty.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\uyuahp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iuudag.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xkuiff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\teelqo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common Files\mkkr\mkkrd\mkkrc.dll (Adware.TargetServer) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqriyvmm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3a7b68e-b63d-4cc3-a406-ec09d85b6ef5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d3a7b68e-b63d-4cc3-a406-ec09d85b6ef5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ae73b971-a785-4557-a53b-564dbc7c5bea} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55913f46-e972-470f-8e29-25e000fd45fd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d48aa62-8ba8-4d37-b6b5-c67951fa3111} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56a81a71-b4b4-4ac4-b0d2-accff92a8f07} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2020c0b-39f7-4a34-8e0e-f28d67f7d872} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57d515a5-6cc5-4153-8940-b6f86c94bf0a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e648c3a4-11ee-4045-af0d-eb6fadc17eb7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6444e8df (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkkr (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnoldsi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnoldsi -> Delete on reboot.

Folders Infected:
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\rqRIyVmM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nnnoLDSi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iSDLonnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\iSDLonnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bhaqpfxw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wxfpqahb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gvpuuslu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ulsuupvg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\njajmwmn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nmwmjajn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rmldnmye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\eymndlmr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\udhabpoj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jopbahdu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zicvdq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sunqrl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\bmszcr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hhdhty.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\uyuahp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iuudag.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xkuiff.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common Files\mkkr\mkkrm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\teelqo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common Files\mkkr\mkkra.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\mkkr\mkkrd\mkkrc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\mkkr\mkkrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\mkkr\mkkrp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP948\A0097775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP948\A0097776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP949\A0098775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098792.exe (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098793.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098794.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098795.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098796.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP950\A0098797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098833.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098834.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098835.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098836.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098837.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0098839.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0098848.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0098849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0098851.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP953\A0099874.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP953\A0099875.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP953\A0099876.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ahhfnggo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cnejlvah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\eboawdjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\etkeprtn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fnqbnv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gosoluss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hayqptix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jkombocn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lfcnyiwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lnkhvpao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\omsrvkul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sqshyrfl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\udyleboe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vxkluk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yhnwyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yyvjadfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.05 (written by random/random)
Run by itcorp at 2009-01-11 17:28:49
Microsoft Windows XP Professional Service Pack 1
System drive C: has 19 GB (68%) free of 29 GB
Total RAM: 511 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:00 PM, on 1/11/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\MDM.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\itcorp\Desktop\RSIT.exe
C:\Program Files\trend micro\itcorp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9AA1DDF4-CDBA-4A89-8BC1-A0A6B8AA054D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {D3A7B68E-B63D-4CC3-A406-EC09D85B6EF5} - (no file)
O2 - BHO: (no name) - {E1D7827E-8874-4EBF-A699-05B6FE3C00B5} - (no file)
O2 - BHO: (no name) - {EB639091-2A0C-4FAB-B366-55D1394D76A2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [] "%1" %*
O4 - HKLM\..\Run: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\internat.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwka.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229891213830
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ih-corp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ih-corp.com
O20 - AppInit_DLLs: zicvdq.dll sunqrl.dll bmszcr.dll hhdhty.dll uyuahp.dll iuudag.dll teelqo.dll
O20 - Winlogon Notify: rqRIyVmM - C:\WINDOWS\
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9045 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA1DDF4-CDBA-4A89-8BC1-A0A6B8AA054D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-28 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-19 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3A7B68E-B63D-4CC3-A406-EC09D85B6EF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1D7827E-8874-4EBF-A699-05B6FE3C00B5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB639091-2A0C-4FAB-B366-55D1394D76A2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2003-09-17 844048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-28 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2002-08-22 143360]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-26 4632576]
"nwiz"=nwiz.exe /installquiet []
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-01-23 4608]
"bascstray"=BascsTray.exe []
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2003-01-31 364544]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe [2004-09-30 176128]
""=* []
"Windows Taskbar Manager"=c:\documents and settings\all users\start menu\programs\startup\internat.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"vptray"=C:\Program Files\NavNT\vptray.exe [2001-09-24 73728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1663248]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-30 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zicvdq.dll sunqrl.dll bmszcr.dll hhdhty.dll uyuahp.dll iuudag.dll teelqo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIyVmM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2003-03-24 110592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-11 17:28:50 ----D---- C:\Program Files\trend micro
2009-01-11 17:28:49 ----D---- C:\rsit
2009-01-11 17:14:18 ----SH---- C:\WINDOWS\System32\hrtkgtim.ini
2009-01-11 17:14:11 ----A---- C:\WINDOWS\System32\mitgktrh.dll
2009-01-11 16:25:04 ----D---- C:\Documents and Settings\itcorp\Application Data\Malwarebytes
2009-01-11 16:24:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-11 16:24:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-10 18:06:55 ----D---- C:\Program Files\CCleaner
2009-01-10 17:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-21 15:21:37 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-21 15:07:06 ----D---- C:\Documents and Settings\itcorp\Application Data\Symantec
2008-12-18 15:58:03 ----SH---- C:\WINDOWS\System32\vsjixwqk.ini
2008-12-16 15:50:32 ----SH---- C:\WINDOWS\System32\atmlekni.ini
2008-12-15 17:23:24 ----SH---- C:\WINDOWS\System32\qwavogio.ini
2008-12-15 10:18:34 ----A---- C:\WINDOWS\System32\6f672ca1-.txt
2008-12-14 17:00:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 17:00:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-01-11 17:28:50 ----RD---- C:\Program Files
2009-01-11 17:25:34 ----D---- C:\WINDOWS\Temp
2009-01-11 17:17:20 ----D---- C:\WINDOWS
2009-01-11 17:15:49 ----D---- C:\WINDOWS\SYSTEM32
2009-01-11 17:15:48 ----D---- C:\WINDOWS\System32\DRIVERS
2009-01-11 17:15:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-11 17:14:19 ----D---- C:\WINDOWS\Prefetch
2009-01-11 16:22:25 ----D---- C:\WINDOWS\System32\CatRoot2
2009-01-10 18:12:12 ----D---- C:\WINDOWS\Debug
2009-01-10 17:23:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-10 17:18:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-10 17:10:41 ----SHD---- C:\WINDOWS\CSC
2008-12-21 15:12:07 ----HD---- C:\Config.Msi
2008-12-21 15:07:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-21 15:05:04 ----SHD---- C:\WINDOWS\Installer
2008-12-21 15:05:03 ----D---- C:\Program Files\Symantec
2008-12-21 15:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-21 14:13:30 ----D---- C:\Program Files\Outlook Express
2008-12-21 09:34:18 ----D---- C:\WINDOWS\System32\appmgmt
2008-12-21 09:32:52 ----D---- C:\Program Files\NavNT
2008-12-21 09:30:42 ----D---- C:\WINDOWS\System32\CBA
2008-12-21 09:30:42 ----A---- C:\WINDOWS\ODBC.INI
2008-12-20 10:46:12 ----RSHD---- C:\WINDOWS\System32\DLLCACHE
2008-12-14 19:00:16 ----D---- C:\Program Files\Common Files\mkkr

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2006-10-18 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2006-10-18 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-07 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-09-16 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-09-16 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-06-14 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-01-12 10906]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-01-23 22400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-02-12 90824]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-01-07 166016]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2004-04-09 312960]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-29 13184]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 GTICARD;GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [2003-02-14 59328]
R3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-05-11 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2004-05-11 200064]
R3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-09-16 30630]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-26 2830688]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-14 42060]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-05-11 684800]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-11-25 37632]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-09-16 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-10-04 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-10-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-10-04 21744]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 RimUsb;RIM Handheld; C:\WINDOWS\System32\Drivers\RimUsb.sys [2004-01-12 17286]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-03-31 2390528]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BAsfIpM;Broadcom ASF IP monitoring service v3.0.1; C:\WINDOWS\System32\basfipm.exe [2002-11-12 73728]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-19 168432]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-26 127044]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-03-24 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-03-24 299075]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2004-04-09 45056]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
S2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-11-26 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-11 17:29:06

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2x1/4x1 USB Peripheral Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D199D0A1-1D5A-4A74-B11F-BFD83DEA49A3}\Setup.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
Advanced Networking Pack for Windows XP-->C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
BlackBerry Desktop Manager 3.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{49268597-BE0D-44CF-8625-58540284AAA7} /l1033 /l1033 /zMAINTENANCE
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom ASF Management Applications-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D480 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Wireless WLAN Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DirectX 9 Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
GoldMine 6.5-->C:\WINDOWS\IsUninst.exe -fh:\goldmine\Uninst.isu
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 5550 series (Remove only)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp deskjet 5550 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
Intel® PROSet-->MsiExec.exe /I{0694E6B0-372D-44A6-AB76-80B44B971D54}
Internet Explorer Q903235-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-11-17-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_7cad4d\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Live Meeting-->C:\Program Files\Microsoft Office\Live Meeting\Quicksilver\quicksilver.exe -UALL
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
netbrdg-->MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896426)-->"C:\WINDOWS\$NtUninstallKB896426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Hotfix [See KB837272 for more information]-->C:\WINDOWS\$NtUninstallKB837272$\spuninst\spuninst.exe
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows XP Hotfix - KB820291-->C:\WINDOWS\$NtUninstallKB820291$\spuninst\spuninst.exe
Windows XP Hotfix - KB821253-->C:\WINDOWS\$NtUninstallKB821253$\spuninst\spuninst.exe
Windows XP Hotfix - KB821557-->C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Windows XP Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows XP Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Windows XP Hotfix - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
Windows XP Hotfix - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
Windows XP Hotfix - KB833998-->C:\WINDOWS\$NtUninstallKB833998$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6SP1-20040929.091901$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Windows XP Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
Windows XP Hotfix - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
Windows XP Hotfix - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
Windows XP Hotfix - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
Windows XP Hotfix - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
Windows XP Hotfix - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
Windows XP Hotfix - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
Windows XP Hotfix - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883939-->"C:\WINDOWS\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->"C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe"
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892944-->"C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896688-->"C:\WINDOWS\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896727-->"C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
Windows XP Hotfix - KB897715-->"C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
Windows XP Hotfix - KB905915-->"C:\WINDOWS\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows XP Hotfix - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows XP Hotfix - KB912812-->"C:\WINDOWS\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows XP Hotfix - KB916281-->"C:\WINDOWS\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q322011-->C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329441-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814995-->C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817287-->C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

System event log

Computer Name: TDAUMLAP
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 71672
Source Name: Service Control Manager
Time Written: 20081223145058.000000-300
Event Type: information
User:

Computer Name: TDAUMLAP
Event Code: 32003
Message: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Record Number: 71671
Source Name: ipnathlp
Time Written: 20081223145058.000000-300
Event Type: error
User:

Computer Name: TDAUMLAP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 009096B0AA2B. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 71670
Source Name: Dhcp
Time Written: 20081223145057.000000-300
Event Type: warning
User:

Computer Name: TDAUMLAP
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{CE214DFA-0F5C-49FB-8B73-F0305D17838D} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 71669
Source Name: Tcpip
Time Written: 20081223145057.000000-300
Event Type: information
User:

Computer Name: TDAUMLAP
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{CE214DFA-0F5C-49FB-8B73-F0305D17838D} because a master browser was stopped.

Record Number: 71668
Source Name: BROWSER
Time Written: 20081223145057.000000-300
Event Type: information
User:

Application event log

Computer Name: TDAUMLAP
Event Code: 6
Message:


Scan could not open file C:\WINDOWS\$NtUninstallKB837001$\MSJETO~1.DLL [00000003]

Record Number: 19804
Source Name: Norton AntiVirus
Time Written: 20081209011009.000000-300
Event Type: warning
User:

Computer Name: TDAUMLAP
Event Code: 6
Message:


Scan could not open file C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll [00000003]

Record Number: 19803
Source Name: Norton AntiVirus
Time Written: 20081209011009.000000-300
Event Type: warning
User:

Computer Name: TDAUMLAP
Event Code: 6
Message:


Scan could not open file C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll [00000003]

Record Number: 19802
Source Name: Norton AntiVirus
Time Written: 20081209011009.000000-300
Event Type: warning
User:

Computer Name: TDAUMLAP
Event Code: 6
Message:


Scan could not open file C:\WINDOWS\$NtUninstallKB837001$\dao360.dll [00000003]

Record Number: 19801
Source Name: Norton AntiVirus
Time Written: 20081209011009.000000-300
Event Type: warning
User:

Computer Name: TDAUMLAP
Event Code: 6
Message:


Scan could not open file C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll [00000003]

Record Number: 19800
Source Name: Norton AntiVirus
Time Written: 20081209011009.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 Bio-Hazard

Posted 13 January 2009 - 01:03 AM

Spybot S&D Teatimer

From your log I can see that you are running Spybot S&D TeaTimer. This might interfere with the fixes we are about to do, so we need to disable it.

Disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Registry Fix with ERUNT
  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location
Note: To restore your registry, go to the folder and start ERDNT.exe



OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA1DDF4-CDBA-4A89-8BC1-A0A6B8AA054D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3A7B68E-B63D-4CC3-A406-EC09D85B6EF5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1D7827E-8874-4EBF-A699-05B6FE3C00B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB639091-2A0C-4FAB-B366-55D1394D76A2}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"Windows Taskbar Manager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIyVmM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:files
c:\documents and settings\all users\start menu\programs\startup\internat.exe
C:\WINDOWS\System32\hrtkgtim.ini
C:\WINDOWS\System32\mitgktrh.dll
C:\WINDOWS\System32\vsjixwqk.ini
C:\WINDOWS\System32\atmlekni.ini
C:\WINDOWS\System32\qwavogio.ini
C:\WINDOWS\System32\6f672ca1-.txt
C:\Program Files\Common Files\mkkr

:commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
  • Go to HERE
  • Click on the link named Java Runtime Environment (JRE) 6 Update 11
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file and follow the on-screen instructions.
  • Reboot your computer
Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.
Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • OTMoveIt Log
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving

MRU Master of Malware Removal University

Member of UNITE and ASAP

#8 Bio-Hazard

Posted 16 January 2009 - 03:05 AM

Hello!

Do you still need my help?

#9 Shaba

Posted 20 January 2009 - 08:24 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security

#10 Shaba

Posted 31 January 2009 - 03:20 AM

Reopened upon request.

#11 Bio-Hazard

Posted 31 January 2009 - 12:39 PM

Hello tunch!

We have to start from the beginning. Please follow these instructions: Preparation Guide For Use Before Using Hijackthis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer

How is the computer running now?
Have you done any cleaning on your own?


#12 tunch

  • Topic Starter

Posted 31 January 2009 - 01:37 PM

Biohazard,

My apologies for the lapse.

The computer has not been used since our last posting two weeks ago, well...until last night's requests to you and Shaba. I have done no further cleaning. Knowing that, would it be possible to continue where we left off? I have attached the three requested reports.

If we need to start from the beginning, we can do that as well. Please advise.

Thank you.

tunch

Attached Files



#13 tunch

  • Topic Starter

Posted 31 January 2009 - 01:58 PM

Bio-Hazard,

In case we do need to start over, attached please find the two DDS files.

Thank you.

Tunch

Attached Files



#14 tunch

  • Topic Starter

Posted 31 January 2009 - 02:02 PM

This is the DDS post again, now following the instructions to paste one, attach the other.

Thanks!


DDS (Ver_09-01-07.01) - NTFSx86
Run by itcorp at 13:54:16.18 on Sat 01/31/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.245 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\itcorp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://business.dellnet.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://business.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://business.dellnet.com/
uInternet Connection Wizard,ShellNext = hxxp://business.dellnet.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [CARPService] carpserv.exe
mRun: [bascstray] BascsTray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll

============= SERVICES / DRIVERS ===============

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-14 59328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-23 24652]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\system32\svchost.exe -k netsvcs [2004-10-15 12800]
S4 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

=============== Created Last 30 ================

2009-01-30 19:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-30 19:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-30 19:07 <DIR> --d----- C:\_OTMoveIt
2009-01-11 17:28 <DIR> --d----- c:\program files\trend micro
2009-01-11 16:25 <DIR> --d----- c:\docume~1\itcorp\applic~1\Malwarebytes
2009-01-11 16:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-11 16:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 16:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-11 16:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 18:06 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2007-04-04 19:36 56,912 a------- c:\documents and settings\itcorp\g2mdlhlpx.exe

============= FINISH: 13:55:10.63 ===============


#15 Bio-Hazard

  • Members
  • 258 posts
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:03:34 AM

Posted 31 January 2009 - 03:32 PM

Update Adobe Reader

Please uninstall the older version of Adobe Reader before installing the latest version.
  • Click Start
  • Control Panel
  • Double-click on Add/Remove Programs
  • Locate the older version of Adobe Reader and click on Change/Remove to uninstall it
  • Click HERE to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.

Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.

How to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.

random's system information tool (RSIT)

Go to this folder C:/rsit and delete everything inside it.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

MRU Master of Malware Removal University

Member of UNITE and ASAP



