
downloader, metajuan, vundo, virtumundo and more


  • This topic is locked
30 replies to this topic

#1 elroy325

  • Members
  • 51 posts

Posted 11 January 2009 - 10:20 AM

Hello, I am having problems with the internet on my computer. I'm running Windows XP. I get constant popups, and my Norton AntiVirus constantly finds things such as downloader, metajuan, vundo, virtumundo, and Spybot finds others as well. I have run Spybot, Ad-Aware, VundoFix, VirtumundoBeGone, and HijackThis (which I used to stop DLLs in my system32 folder known to be bad). In addition I have Norton AntiVirus and ZoneAlarm. However, the problems keep coming back no sooner than they are removed. Spybot finds different things each time it scans, so it doesn't seem to be just one problem. In fact, the problem of popups and adware was happening days before vundo and virtumundo were being picked up by Norton.

Any help would be greatly appreciated.
Thanks


DDS (Ver_09-01-07.01) - NTFSx86
Run by at 0:36:07.43 on Sun 01/11/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.381 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\me\Desktop\dds.scr
C:\WINDOWS\system32\findstr.exe
C:\DOCUME~1\me\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {c82b7ca4-6dd6-43da-8774-3fbdf4b91d76} - c:\windows\system32\bekehutu.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [HostManager] c:\program files\common files\aol\1155845066\ee\AOLSoftware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [pivadahoka] Rundll32.exe "c:\windows\system32\poviwumi.dll",s
mRun: [b83cae95] rundll32.exe "c:\windows\system32\yekotafo.dll",b
mRun: [CPMbb0f9d09] Rundll32.exe "c:\windows\system32\poroyoju.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\siwipuyo.dll c:\windows\system32\poroyoju.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poroyoju.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\poroyoju.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli c:\windows\system32\siwipuyo.dll

============= SERVICES / DRIVERS ===============

R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2007-3-12 164256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-1 394952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-2 99376]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2005-10-23 6942]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\naveng.sys [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\navex15.sys [2009-1-9 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\siriususb.sys --> c:\windows\system32\drivers\SiriusUSB.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-2-14 10880]
S4 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2005-10-23 28672]
S4 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [2004-11-9 31104]

=============== Created Last 30 ================

2009-01-10 23:04 1,213,744 ---sh--- c:\windows\system32\ofatokey.ini
2009-01-10 11:04 1,213,744 ---sh--- c:\windows\system32\akuresil.ini
2009-01-09 22:08 1,289,531 ---sh--- c:\windows\system32\omuvudes.ini
2009-01-08 15:49 1,289,531 ---sh--- c:\windows\system32\usenarad.ini
2009-01-08 03:48 1,276,161 ---sh--- c:\windows\system32\ugubomar.ini
2009-01-07 15:48 1,276,161 ---sh--- c:\windows\system32\awohaneg.ini
2009-01-06 20:23 1,276,161 ---sh--- c:\windows\system32\olanufit.ini
2009-01-06 07:26 1,268,190 ---sh--- c:\windows\system32\ulodayow.ini
2009-01-05 17:26 1,261,098 ---sh--- c:\windows\system32\ukijiton.ini
2009-01-04 15:37 375,808 a------- C:\kmd.exe
2009-01-04 12:01 1,262,093 ---sh--- c:\windows\system32\ovenubih.ini
2009-01-03 23:43 1,262,093 ---sh--- c:\windows\system32\ariwaluh.ini
2009-01-03 11:43 1,262,075 ---sh--- c:\windows\system32\ipuheyeh.ini
2009-01-02 11:25 1,307,355 a--sh--- c:\windows\system32\atfmfvbu.ini
2009-01-02 11:14 1,262,075 a--sh--- c:\windows\system32\apevilor.ini
2009-01-01 23:14 1,262,075 a--sh--- c:\windows\system32\inazavey.ini
2009-01-01 11:13 1,262,075 a--sh--- c:\windows\system32\odayapis.ini
2008-12-31 12:12 1,262,075 a--sh--- c:\windows\system32\osayihaj.ini
2008-12-31 11:52 129,024 a------- c:\windows\system32\hqiibt.dll
2008-12-31 11:52 129,024 a------- c:\windows\system32\hcvqckvo.dll
2008-12-31 11:49 1,307,356 a--sh--- c:\windows\system32\mownptbp.ini
2008-12-31 11:49 72,704 a------- c:\windows\system32\pbtpnwom.dll
2008-12-30 19:17 97 a------- c:\windows\system32\mcrh.tmp
2008-12-30 11:16 1,307,621 a--sh--- c:\windows\system32\tmcrssxa.ini
2008-12-29 22:46 1,307,934 a--sh--- c:\windows\system32\puowoxqx.ini
2008-12-29 22:31 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-29 22:31 1,409 a------- c:\windows\QTFont.for
2008-12-28 22:43 1,306,974 a--sh--- c:\windows\system32\pkwkyidb.ini
2008-12-27 19:55 1,306,974 a--sh--- c:\windows\system32\hospjqvx.ini
2008-12-27 19:55 72,704 a------- c:\windows\system32\xvqjpsoh.dll
2008-12-27 19:52 1,312 a--sh--- c:\windows\system32\sCJlTvut.ini2
2008-12-27 19:52 1,312 a--sh--- c:\windows\system32\sCJlTvut.ini
2008-12-27 19:47 <DIR> --d----- c:\program files\GetModule
2008-12-27 19:47 <DIR> --d----- c:\program files\iCheck
2008-12-27 19:47 198,716 a------- c:\windows\system32\wpv671229907565.cpx
2008-12-22 12:04 <DIR> --d----- c:\program files\Incomplete

==================== Find3M ====================

2009-01-10 23:04 103,159 a--sh--- c:\windows\system32\poroyoju.dll
2009-01-10 23:04 90,732 a--sh--- c:\windows\system32\yekotafo.dll
2009-01-10 14:31 103 a------- c:\program files\FxVMonde.log
2009-01-10 11:04 91,319 a--sh--- c:\windows\system32\liseruka.dll
2009-01-09 22:07 68,201 a--sh--- c:\windows\system32\dahihiwi.dll
2008-12-06 23:00 87,608 a------- c:\docume~1\me\applic~1\inst.exe
2008-12-06 23:00 47,360 a------- c:\docume~1\me\applic~1\pcouffin.sys
2008-12-06 22:58 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-10-10 21:57 26,416 a------- c:\docume~1\me\applic~1\GDIPFONTCACHEV1.DAT
2008-02-22 10:46 5,863,960 a------- c:\program files\SUPERAntiSpywarePro.exe
2008-02-22 10:46 50,688 a------- c:\program files\ATF-Cleaner.exe
2008-02-20 18:42 1,310,857 a------- c:\program files\SDFix.exe
2008-02-20 17:32 96,978 a------- c:\program files\VirtumundoBeGone.exe
2008-02-20 16:11 132,608 a------- c:\program files\VundoFix.exe
2008-02-20 11:40 1,734 a------- c:\program files\HijackThis.lnk
2008-02-20 11:40 812,344 a------- c:\program files\HJTInstall.exe
2008-02-19 16:18 168,592 a------- c:\program files\FxVMonde.exe
2007-11-30 17:09 3,380,048 a------- c:\program files\LimeWireWin.exe
2006-02-09 19:38 812,193 ac------ c:\program files\Christmas_Fun_Artwork_Installer_en.exe
2006-02-09 19:35 4,912,720 ac------ c:\program files\World_Traveler_Artwork_Installer_en.exe
2005-10-16 16:27 190,048 ac------ c:\program files\Morpheus.exe
2004-12-15 10:40 203,264 a------- c:\program files\HijackThis.exe
2003-09-12 14:18 12,760,064 ac------ c:\program files\BorisRED3 AE.aex
2003-03-10 22:10 23,725,470 ac------ c:\program files\Cleaner 5.2 Full(Autodesk-Discreet).exe
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
0000-00-00 00:00 2,048 a--sh--- c:\windows\system32\biserano.dll
2007-06-30 11:14 1,786 ac-sh--- c:\windows\system32\KGyGaAvL.sys
0000-00-00 00:00 68,201 a--sh--- c:\windows\system32\poviwumi.dll
0000-00-00 00:00 68,201 a--sh--- c:\windows\system32\siwipuyo.dll

============= FINISH: 0:38:19.07 ===============
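In the DDS report above, the same DLLs appear under several persistence points at once: poroyoju.dll under mRun, AppInit_DLLs, SSODL and STS, and siwipuyo.dll under AppInit_DLLs and the LSA Notification Packages. That overlap is the kind of thing a reader of these logs looks for. As an added example, not part of this thread and not code from the DDS tool, the Python script below parses lines in the Pseudo HJT format, groups every referenced DLL by the persistence points that name it, and flags DLLs referenced from more than one place or whose filename fits the eight-letter consonant/vowel pattern of the names in this log. The sample lines are copied from the report above; the name heuristic is an assumption of this example, not something DDS itself does.

```python
"""Triage helper for a DDS "Pseudo HJT Report" section (added example)."""
import re
from collections import defaultdict

# Sample lines copied from the DDS report in this thread (constructed input).
SAMPLE_REPORT = r"""
BHO: {c82b7ca4-6dd6-43da-8774-3fbdf4b91d76} - c:\windows\system32\bekehutu.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [pivadahoka] Rundll32.exe "c:\windows\system32\poviwumi.dll",s
mRun: [b83cae95] rundll32.exe "c:\windows\system32\yekotafo.dll",b
mRun: [CPMbb0f9d09] Rundll32.exe "c:\windows\system32\poroyoju.dll",a
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\siwipuyo.dll c:\windows\system32\poroyoju.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poroyoju.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\poroyoju.dll
LSA: Notification Packages = scecli c:\windows\system32\siwipuyo.dll
"""

# A drive-letter path ending in .dll; stops at whitespace, quotes or commas so
# the rundll32 "path",entry form and the NvCpl.dll,NvStartup form both parse.
DLL_PATH = re.compile(r'[a-z]:\\[^\s",]+?\.dll', re.IGNORECASE)

# Heuristic (this example's assumption): four consonant/vowel pairs, as in
# poroyoju.dll or siwipuyo.dll above. Legitimate names such as NavLogon.dll
# do not fit it.
GENERATED_NAME = re.compile(r'(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.dll')


def parse_persistence(report):
    """Map each DLL basename (lowercased) to the set of persistence points
    that reference it. The point is the token before the first colon
    on a DDS line (BHO, mRun, AppInit_DLLs, SSODL, STS, LSA, ...)."""
    seen = defaultdict(set)
    for line in report.splitlines():
        if ":" not in line:
            continue
        point = line.split(":", 1)[0].strip()
        for path in DLL_PATH.findall(line):
            name = path.rsplit("\\", 1)[-1].lower()
            seen[name].add(point)
    return dict(seen)


def looks_generated(name):
    """True when the basename fits the consonant/vowel pattern above."""
    return GENERATED_NAME.fullmatch(name.lower()) is not None


def triage(report):
    """Return the DLLs worth a closer look, most widely referenced first.
    Each entry carries the DLL name, its persistence points and the reasons."""
    flagged = []
    for name, points in parse_persistence(report).items():
        reasons = []
        if len(points) > 1:
            reasons.append("referenced from %d persistence points" % len(points))
        if looks_generated(name):
            reasons.append("name fits the generated pattern")
        if reasons:
            flagged.append({"dll": name, "points": sorted(points), "reasons": reasons})
    flagged.sort(key=lambda f: (-len(f["points"]), f["dll"]))
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_REPORT):
        print(entry["dll"], "|", ", ".join(entry["points"]), "|", "; ".join(entry["reasons"]))
```

Run against the sample, poroyoju.dll comes out first with four persistence points, siwipuyo.dll second with two, and NavLogon.dll and NvCpl.dll are not flagged at all. The multi-location check is the more reliable of the two signals; the name pattern is only a hint, and a DLL flagged by it alone still needs to be checked in context before anything is done about it.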


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 02:48 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 elroy325
  • Topic Starter

  • Members
  • 51 posts

Posted 12 January 2009 - 09:54 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 1

1/12/2009 9:37:07 PM
mbam-log-2009-01-12 (21-37-07).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 121016
Time elapsed: 2 hour(s), 21 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 19
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pehirema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vebimayo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nizefipu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\migitiho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\defohesi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c82b7ca4-6dd6-43da-8774-3fbdf4b91d76} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c82b7ca4-6dd6-43da-8774-3fbdf4b91d76} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b83cae95 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbb0f9d09 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pivadahoka (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nizefipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nizefipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nizefipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\migitiho.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\migitiho.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\liseruka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akuresil.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbtpnwom.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mownptbp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pehirema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\amerihep.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvqjpsoh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hospjqvx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yekotafo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofatokey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\migitiho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\defohesi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vebimayo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nizefipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQB5D.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQB82.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090103-160252-955.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090102-112834-196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090102-112834-415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090102-112834-935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090103-160013-599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP282\A0075463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP282\A0075464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP282\A0075465.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP287\A0081755.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP287\A0081756.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP287\A0081757.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP292\A0083152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE70024-9393-4BD5-B6CE-76A66D06DF2F}\RP292\A0083153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqiibt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sosilore.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\titodopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wibotelo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv671229907565.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuneyevi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcvqckvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

#4 elroy325
  • Topic Starter

  • Members
  • 51 posts

Posted 12 January 2009 - 09:56 PM

info.txt logfile of random's system information tool 1.05 2009-01-12 21:53:35

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avid Xpress Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DA19A9E-D6B2-4DDE-A70D-6610CC9B3EDC}\setup.exe" -l0x9
Belkin F5D5000 Desktop PCI Card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1798227A-AA89-4C78-AF55-56A38E654788}\setup.exe" -l0x9 -removeonly
Boris Continuum Complete 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08C948FC-1461-4C06-A12B-F6655189F535}\Setup.exe" -l0x9
Boris RED-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DB53782-1B4B-4E76-A30B-232BEDB8FE7B}\setup.exe" -l0x9
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Canon i455-->C:\WINDOWS\System32\CNMCP5i.exe "-PRINTERNAMECanon i455" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i455 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i455 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_140b6\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FinePixViewer Resource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GenArts Sapphire for AVX 1.21-->C:\PROGRA~1\GenArts\UNWISE.EXE C:\PROGRA~1\GenArts\INSTALL.LOG
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HistoryKill-->C:\WINDOWS\iun506.exe C:\Program Files\HistoryKill\irunin.ini
Hockenberry Wong's Essentials of Pediatric Nursing, 7e-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{031E94EF-CDB2-4B4A-A84F-D641AB9DCAEC}\setup.exe" -l0x9
ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Intelligent Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84CCD292-06FC-4722-9401-9444AB15E22A}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft DirectX 9.0b - KB830363-->C:\WINDOWS\$NtUninstallKB830363$\spuninst\spuninst.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mosby's Comprehensive Review of Nursing for the NCLEX-RN®, 18th Edition-->C:\WINDOWS\iun6002.exe "C:\Program Files\Saxton NCLEX-RN® 18e\irunin.ini"
NCLEX-RN Review-->C:\PROGRA~1\LWW\Smeltzer\UNWISE32.EXE C:\PROGRA~1\LWW\Smeltzer\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PDMarq Audio Recorder 5.2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PDMarq Audio Recorder\ST6UNST.LOG"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic-->"C:\Program Files\Registry Mechanic\unins000.exe"
Remove DivX Pro Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Codec\UninstalDivXProCodec.log
Roxio PhotoSuite 5 LITE-->MsiExec.exe /I{DDE774AC-DC9E-435A-BFF9-1992F89565E4}
Saunders NCLEX-RN4e-->C:\Program Files\Saunders Comprehensive NCLEX-RN Review 4e\uninst.exe
Sentinel System Driver 5.41.0 (32-bit)-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Sony DVD Architect 2.0-->MsiExec.exe /I{47786B84-92C1-4706-BDDD-5CFFA6720C18}
Sorenson Squeeze-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88BFBE72-7E9C-4DED-AF1D-1245ACE3C213}\setup.exe" -l0x9 -uninst
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
TOSHIBA gigabeat applications 2.0.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33DF47F1-B83A-4EB5-AA56-EAB28A1EAE14}\setup.exe" UNINSTALLUNINSTALL
Tutor-->C:\PROGRA~1\TUTOR6~1\UNWISE.EXE C:\PROGRA~1\TUTOR6~1\EXINST.LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
USB-706 Vibration Joystick-->C:\PROGRA~1\USBVIB~1\UNWISE.EXE C:\PROGRA~1\USBVIB~1\INSTALL.LOG
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB828756-->C:\WINDOWS\$NtUninstallKB828756$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

System event log

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 51799
Source Name: Service Control Manager
Time Written: 20081117181319.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 51798
Source Name: Service Control Manager
Time Written: 20081117181315.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 51797
Source Name: Service Control Manager
Time Written: 20081117181313.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 51796
Source Name: Service Control Manager
Time Written: 20081117181310.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 51795
Source Name: Service Control Manager
Time Written: 20081117181307.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: YOU-J6KB0NJQTKB
Event Code: 6
Message:


Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 70942
Source Name: Symantec AntiVirus
Time Written: 20081229204309.000000-300
Event Type: warning
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 6
Message:


Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 70941
Source Name: Symantec AntiVirus
Time Written: 20081229204309.000000-300
Event Type: warning
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 6
Message:


Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 70940
Source Name: Symantec AntiVirus
Time Written: 20081229204309.000000-300
Event Type: warning
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 6
Message:


Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 70939
Source Name: Symantec AntiVirus
Time Written: 20081229204309.000000-300
Event Type: warning
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 6
Message:


Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 70938
Source Name: Symantec AntiVirus
Time Written: 20081229204309.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"PS5ROOT"=C:\Program Files\Roxio\PhotoSuite\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by elroy325, 12 January 2009 - 09:59 PM.


#5 elroy325 (Topic Starter)

Posted 12 January 2009 - 10:00 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by me at 2009-01-12 21:53:11
Microsoft Windows XP Professional Service Pack 1
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:31 PM, on 1/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\me\Desktop\RSIT.exe
C:\Program Files\trend micro\me.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-20\..\Run: [pivadahoka] Rundll32.exe "C:\WINDOWS\System32\defohesi.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\siwipuyo.dll,C:\WINDOWS\System32\poviwumi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7999 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PDMarq Audio Recorder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-01 262144]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-23 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2007-09-22 212992]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2002-12-19 69632]
"HostManager"=C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe [2007-09-22 45056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-31 271672]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-06-29 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-09 68856]
"AOL Fast Start"=C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\histkill.exe [2003-05-21 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe [2007-09-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-02-20 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosGbWatcher]
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe [2005-04-26 118837]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\siwipuyo.dll,C:\WINDOWS\System32\poviwumi.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\System32\siwipuyo.dll
C:\WINDOWS\System32\poviwumi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\yehebaya.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\tamuyali.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\siwipuyo.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\regisifo.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\poviwumi.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\poroyoju.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\nukolako.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\nudehiye.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\lafeziwi.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\kawenola.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\dahihiwi.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\biserano.dll
6118-30709-30709 6066:30709:16 ----AH---- C:\WINDOWS\System32\bekehutu.dll.tmp
2009-01-12 21:53:11 ----D---- C:\rsit
2009-01-12 18:16:06 ----D---- C:\Documents and Settings\me\Application Data\Malwarebytes
2009-01-12 18:15:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-12 18:15:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-09 22:08:03 ----SH---- C:\WINDOWS\System32\omuvudes.ini
2009-01-08 15:49:04 ----SH---- C:\WINDOWS\System32\usenarad.ini
2009-01-08 03:48:59 ----SH---- C:\WINDOWS\System32\ugubomar.ini
2009-01-07 15:48:49 ----SH---- C:\WINDOWS\System32\awohaneg.ini
2009-01-06 20:23:06 ----SH---- C:\WINDOWS\System32\olanufit.ini
2009-01-06 07:26:35 ----SH---- C:\WINDOWS\System32\ulodayow.ini
2009-01-05 17:26:26 ----SH---- C:\WINDOWS\System32\ukijiton.ini
2009-01-04 15:37:21 ----A---- C:\kmd.exe
2009-01-04 12:01:47 ----SH---- C:\WINDOWS\System32\ovenubih.ini
2009-01-03 23:43:33 ----SH---- C:\WINDOWS\System32\ariwaluh.ini
2009-01-03 11:43:08 ----SH---- C:\WINDOWS\System32\ipuheyeh.ini
2009-01-02 11:25:33 ----ASH---- C:\WINDOWS\System32\atfmfvbu.ini
2009-01-02 11:14:36 ----ASH---- C:\WINDOWS\System32\apevilor.ini
2009-01-01 23:14:09 ----ASH---- C:\WINDOWS\System32\inazavey.ini
2009-01-01 11:13:48 ----ASH---- C:\WINDOWS\System32\odayapis.ini
2008-12-31 12:12:17 ----ASH---- C:\WINDOWS\System32\osayihaj.ini
2008-12-30 11:16:38 ----ASH---- C:\WINDOWS\System32\tmcrssxa.ini
2008-12-29 22:46:08 ----ASH---- C:\WINDOWS\System32\puowoxqx.ini
2008-12-28 22:43:39 ----ASH---- C:\WINDOWS\System32\pkwkyidb.ini
2008-12-27 19:54:49 ----A---- C:\WINDOWS\System32\b31f6aeb-.txt
2008-12-27 19:52:46 ----ASH---- C:\WINDOWS\System32\sCJlTvut.ini2
2008-12-27 19:52:44 ----ASH---- C:\WINDOWS\System32\sCJlTvut.ini
2008-12-22 12:04:47 ----D---- C:\Program Files\Incomplete
2008-12-06 22:58:31 ----A---- C:\Documents and Settings\me\Application Data\inst.exe
2008-12-06 22:58:30 ----D---- C:\Documents and Settings\me\Application Data\Vso
2008-12-06 22:58:20 ----A---- C:\WINDOWS\System32\sipr3260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv43260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv33260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv23260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\cook3260.dll
2008-12-06 22:58:16 ----D---- C:\Program Files\VSO
2008-12-06 22:55:40 ----D---- C:\Documents and Settings\me\Application Data\AVS4YOU
2008-12-06 22:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-12-06 22:54:23 ----D---- C:\Program Files\Common Files\AVSMedia
2008-12-06 22:54:03 ----D---- C:\Program Files\AVS4YOU
2008-12-06 22:54:03 ----A---- C:\WINDOWS\System32\msxml3a.dll
2008-12-06 22:54:03 ----A---- C:\WINDOWS\System32\GdiPlus.dll
2008-12-06 22:17:15 ----D---- C:\Documents and Settings\me\Application Data\Any Video Converter
2008-12-06 22:17:11 ----D---- C:\Program Files\Any Video Converter
2008-12-06 21:51:44 ----D---- C:\Documents and Settings\me\Application Data\4Media Software Studio
2008-12-06 21:48:57 ----D---- C:\Documents and Settings\me\Application Data\NCH Software
2008-12-06 21:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-12-06 21:45:19 ----D---- C:\Program Files\NCH Software
2008-12-06 13:02:45 ----D---- C:\Program Files\movie maker
2008-12-02 19:45:16 ----D---- C:\Program Files\Avery Dennison
2008-11-09 13:58:56 ----D---- C:\Program Files\Mosby

======List of files/folders modified in the last 3 months======

2009-01-12 21:53:31 ----D---- C:\Program Files\Trend Micro
2009-01-12 21:53:17 ----D---- C:\WINDOWS\Prefetch
2009-01-12 21:52:32 ----D---- C:\WINDOWS\Internet Logs
2009-01-12 21:51:23 ----A---- C:\VETlog.txt
2009-01-12 21:51:01 ----A---- C:\WINDOWS\win.ini
2009-01-12 21:50:29 ----D---- C:\Program Files\Symantec AntiVirus
2009-01-12 21:48:56 ----D---- C:\WINDOWS\TEMP
2009-01-12 21:48:02 ----D---- C:\WINDOWS\Debug
2009-01-12 21:46:42 ----SHD---- C:\WINDOWS\system32
2009-01-12 21:46:41 ----D---- C:\WINDOWS\System32\drivers
2009-01-12 21:45:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-12 21:37:07 ----AD---- C:\Program Files
2009-01-12 17:20:38 ----D---- C:\WINDOWS
2009-01-11 13:35:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 00:05:56 ----SHD---- C:\WINDOWS\CSC
2009-01-10 15:29:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-10 14:14:07 ----A---- C:\VundoFix.txt
2009-01-07 21:27:06 ----SHD---- C:\WINDOWS\Installer
2009-01-07 19:49:33 ----D---- C:\Program Files\backups
2009-01-03 19:02:22 ----D---- C:\WINDOWS\System32\CatRoot2
2008-12-29 22:17:47 ----D---- C:\Program Files\Saxton NCLEX-RN® 18e
2008-12-29 21:12:48 ----D---- C:\Program Files\palmOne
2008-12-29 19:41:07 ----D---- C:\Program Files\HistoryKill
2008-12-29 01:35:41 ----SD---- C:\WINDOWS\Tasks
2008-12-23 18:37:15 ----D---- C:\Program Files\LimeWire
2008-12-22 15:04:33 ----D---- C:\WINDOWS\security
2008-12-20 19:38:21 ----D---- C:\OMFI MediaFiles
2008-12-20 19:11:33 ----D---- C:\Temp
2008-12-18 22:36:41 ----HD---- C:\WINDOWS\inf
2008-12-13 15:01:05 ----AC---- C:\WINDOWS\CDex.INI
2008-12-08 18:21:24 ----RSD---- C:\WINDOWS\assembly
2008-12-08 18:21:24 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-08 18:10:46 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-12-08 18:08:28 ----D---- C:\WINDOWS\Registration
2008-12-08 18:01:39 ----D---- C:\WINDOWS\WinSxS
2008-12-08 18:00:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-08 18:00:36 ----D---- C:\Program Files\Internet Explorer
2008-12-08 18:00:13 ----D---- C:\WINDOWS\PCHealth
2008-12-06 22:54:23 ----D---- C:\Program Files\Common Files
2008-12-06 11:53:28 ----D---- C:\WINDOWS\LastGood
2008-12-06 11:45:35 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-12-06 11:45:24 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-02 19:45:23 ----SD---- C:\Documents and Settings\me\Application Data\Microsoft
2008-11-29 10:29:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-12 13:20:26 ----A---- C:\WINDOWS\System32\BorisFX BCC.ini
2008-11-11 17:57:36 ----AC---- C:\WINDOWS\BorisRED3.0.ini
2008-11-09 13:58:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-08 16:29:42 ----D---- C:\Program Files\FinePixViewer
2008-11-03 17:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-02 14:51:30 ----D---- C:\Documents and Settings\me\Application Data\Tutor
2008-10-23 17:45:28 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2002-12-16 64336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2002-12-16 24839]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 ASCTRM;ASCTRM; C:\WINDOWS\System32\drivers\ASCTRM.sys [2008-02-20 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [2001-02-01 25244]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\System32\drivers\MCSTRM.sys [2005-09-15 8413]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Msikbd2k;DellTouch; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2000-10-03 6942]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 RTL8023xp;Belkin F5D5000 v2000 Desktop PCI Card all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-10-14 25216]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-10-23 53120]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-10-14 19328]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-08-17 13952]
S2 VRDVC20;Sony VRD-VC20 [Video Capture]; C:\WINDOWS\System32\Drivers\VRDVC20X.SYS [2004-11-09 31104]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2002-08-29 46080]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2002-08-29 36224]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\System32\DRIVERS\emDevice.sys [2004-04-06 100957]
S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\System32\DRIVERS\emFilter.sys [2004-04-06 5245]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2003-02-17 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-09-13 16694]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-06 47360]
S3 PortlUSB;PortlUSB; C:\WINDOWS\System32\DRIVERS\SiriusUSB.sys []
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\System32\DRIVERS\emScan.sys [2004-04-06 4493]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [2001-08-17 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-10-23 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 AvidSDMService;Avid SDM Service; C:\WINDOWS\system32\AvidSDMService.exe [2004-06-15 57344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-31 501048]
S2 AvidStartup;Avid Startup; C:\WINDOWS\system32\AvidStartup.exe [2004-06-15 1114112]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S4 Nhksrv;Netropa NHK Server; C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]

-----------------EOF-----------------

#6 elroy325 (Topic Starter)

Posted 12 January 2009 - 10:38 PM

gmer

Attached file: gmer.log (38.24 KB)


#7 fenzodahl512

Posted 12 January 2009 - 11:33 PM

IMPORTANT!! Uninstall these programs first (if present) so that they won't interfere with our fixes.

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)




NEXT


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-20\..\Run: [pivadahoka] Rundll32.exe "C:\WINDOWS\System32\defohesi.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\System32\siwipuyo.dll,C:\WINDOWS\System32\poviwumi.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\System32\defohesi.dll
    C:\WINDOWS\System32\poviwumi.dll
    C:\WINDOWS\System32\siwipuyo.dll
    C:\WINDOWS\System32\yehebaya.dll
    C:\WINDOWS\System32\tamuyali.dll
    C:\WINDOWS\System32\siwipuyo.dll.tmp
    C:\WINDOWS\System32\regisifo.dll.tmp
    C:\WINDOWS\System32\poviwumi.dll.tmp
    C:\WINDOWS\System32\poroyoju.dll
    C:\WINDOWS\System32\nukolako.dll
    C:\WINDOWS\System32\nudehiye.dll.tmp
    C:\WINDOWS\System32\lafeziwi.dll
    C:\WINDOWS\System32\kawenola.dll.tmp
    C:\WINDOWS\System32\dahihiwi.dll
    C:\WINDOWS\System32\biserano.dll
    C:\WINDOWS\System32\bekehutu.dll.tmp
    C:\WINDOWS\System32\omuvudes.ini
    C:\WINDOWS\System32\usenarad.ini
    C:\WINDOWS\System32\ugubomar.ini
    C:\WINDOWS\System32\awohaneg.ini
    C:\WINDOWS\System32\olanufit.ini
    C:\WINDOWS\System32\ulodayow.ini
    C:\WINDOWS\System32\ukijiton.ini
    C:\kmd.exe
    C:\WINDOWS\System32\ovenubih.ini
    C:\WINDOWS\System32\ariwaluh.ini
    C:\WINDOWS\System32\ipuheyeh.ini
    C:\WINDOWS\System32\atfmfvbu.ini
    C:\WINDOWS\System32\apevilor.ini
    C:\WINDOWS\System32\inazavey.ini
    C:\WINDOWS\System32\odayapis.ini
    C:\WINDOWS\System32\osayihaj.ini
    C:\WINDOWS\System32\tmcrssxa.ini
    C:\WINDOWS\System32\puowoxqx.ini
    C:\WINDOWS\System32\pkwkyidb.ini
    C:\WINDOWS\System32\b31f6aeb-.txt
    C:\WINDOWS\System32\sCJlTvut.ini2
    C:\WINDOWS\System32\sCJlTvut.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again. Post these logs in your next reply:

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
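
Added example, not code from the thread or from HijackThis or OTMoveIt3: a small Python triage script for the two persistence points the instructions above fix, the O20 AppInit_DLLs value and the O4 Run entry that loads a System32 DLL through rundll32 under the NETWORK SERVICE hive, plus a decoder for the hex(7) value the OTMoveIt3 :reg section writes back to LSA "Notification Packages". The sample log lines are constructed after the entries posted in this thread; the consonant-vowel name heuristic is an assumption drawn from the file names listed here, not a published signature.

```python
"""Triage of HijackThis-style log lines for the persistence points fixed in this
thread (AppInit_DLLs and a rundll32 Run entry), plus a decoder for the hex(7)
value the OTMoveIt3 ':reg' section writes back to LSA "Notification Packages".
Constructed sample input, modelled on the entries posted in the thread."""
import re
from typing import List, Tuple

# Constructed sample: the two entries marked for fixing plus two benign lines.
SAMPLE_LOG = r"""
O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-20\..\Run: [pivadahoka] Rundll32.exe "C:\WINDOWS\System32\defohesi.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\System32\siwipuyo.dll,C:\WINDOWS\System32\poviwumi.dll
""".strip()

# Heuristic, not a vendor signature (assumption from the names in this thread):
# eight lowercase letters alternating consonant and vowel, e.g. defohesi, siwipuyo.
PSEUDOWORD = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
# First quoted or bare .dll argument handed to rundll32.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?', re.IGNORECASE)


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def looks_random(dll_path: str) -> bool:
    """True when the file stem matches the pseudo-word pattern."""
    stem = basename(dll_path)
    if stem.endswith(".dll"):
        stem = stem[:-4]
    return PSEUDOWORD.match(stem) is not None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, dll_path) pairs for entries worth fixing, in log order."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        if line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # on a clean XP installation the value is empty, so any entry is reportable.
            value = line.partition("AppInit_DLLs:")[2]
            for dll in (d.strip() for d in value.split(",")):
                if not dll:
                    continue
                reason = "AppInit_DLLs entry"
                if looks_random(dll):
                    reason += ", random-looking name"
                findings.append((reason, dll))
        elif line.startswith("O4 - "):
            m = RUNDLL.search(line)
            if m and looks_random(m.group(1)):
                reason = "rundll32 Run entry loading random-looking DLL"
                if "HKUS\\S-1-5-19" in line or "HKUS\\S-1-5-20" in line:
                    # Run key in a service-account hive (LOCAL/NETWORK SERVICE):
                    # not touched by cleaning the interactive user's profile.
                    reason += " under service account hive"
                findings.append((reason, m.group(1)))
    return findings


def decode_hex7(value: str) -> List[str]:
    """Decode a .reg-style hex(7) byte list (REG_MULTI_SZ) into its strings.
    regedit writes these bytes as UTF-16LE; the OTMoveIt3 line in this thread is
    single-byte ASCII, so both encodings are accepted."""
    raw = bytes(int(b, 16) for b in value.split(",") if b.strip())
    if raw and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2)):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


if __name__ == "__main__":
    for reason, dll in triage(SAMPLE_LOG):
        print(f"{reason}: {dll}")
    print("Notification Packages restored to:", decode_hex7("73,63,65,63,6c,69,00,00"))
```

The decoder accepts both the single-byte form used in the script above and the UTF-16LE form regedit itself writes for hex(7); both give scecli, which is the only package a stock XP installation lists there. The name heuristic only narrows the list: a random-looking name is a prompt to inspect the file, not a verdict.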


#8 elroy325 (Topic Starter)

Posted 13 January 2009 - 05:48 PM

I haven't been getting the pop-ups and my antivirus hasn't been auto-acting on any threats since the last process I followed from you. Do I still need to continue with the next steps?

Thanks again

#9 fenzodahl512

Posted 13 January 2009 - 10:24 PM

I haven't been getting the pop-ups and my antivirus hasn't been auto-acting on any threats since the last process I followed from you. Do I still need to continue with the next steps?

Thanks again


Yes please.



#10 elroy325 (Topic Starter)

Posted 14 January 2009 - 04:59 PM

When downloading the newest version of Java it warns me that it's not supported by my OS (I have Win XP SP1).
Should I still do it?

#11 fenzodahl512

Posted 15 January 2009 - 02:39 AM

Proceed with the next step please.



#12 elroy325 (Topic Starter)

Posted 15 January 2009 - 04:42 PM

OK, I ran OTMoveIt3.exe and it told me it needed to reboot to fix the problems. This was before I copied and pasted the codebox contents. I said No. Then, when I copied the codebox contents and pasted them into "Paste List of Files/Folders to Move" and hit "Move it", it said error and couldn't do it. So I ran it again and this time rebooted. When the computer rebooted, the OTMoveIt3 program was no longer on my desktop. What should I do?

#13 fenzodahl512

Posted 16 January 2009 - 01:08 AM

Run RSIT again and post the log here.



#14 elroy325 (Topic Starter)

Posted 20 January 2009 - 08:14 PM

info.txt logfile of random's system information tool 1.05 2009-01-20 20:10:11

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avid Xpress Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DA19A9E-D6B2-4DDE-A70D-6610CC9B3EDC}\setup.exe" -l0x9
Belkin F5D5000 Desktop PCI Card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1798227A-AA89-4C78-AF55-56A38E654788}\setup.exe" -l0x9 -removeonly
Boris Continuum Complete 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08C948FC-1461-4C06-A12B-F6655189F535}\Setup.exe" -l0x9
Boris RED-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DB53782-1B4B-4E76-A30B-232BEDB8FE7B}\setup.exe" -l0x9
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Canon i455-->C:\WINDOWS\System32\CNMCP5i.exe "-PRINTERNAMECanon i455" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i455 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i455 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_140b6\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FinePixViewer Resource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GenArts Sapphire for AVX 1.21-->C:\PROGRA~1\GenArts\UNWISE.EXE C:\PROGRA~1\GenArts\INSTALL.LOG
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HistoryKill-->C:\WINDOWS\iun506.exe C:\Program Files\HistoryKill\irunin.ini
Hockenberry Wong's Essentials of Pediatric Nursing, 7e-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{031E94EF-CDB2-4B4A-A84F-D641AB9DCAEC}\setup.exe" -l0x9
ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Intelligent Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84CCD292-06FC-4722-9401-9444AB15E22A}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft DirectX 9.0b - KB830363-->C:\WINDOWS\$NtUninstallKB830363$\spuninst\spuninst.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mosby's Comprehensive Review of Nursing for the NCLEX-RN®, 18th Edition-->C:\WINDOWS\iun6002.exe "C:\Program Files\Saxton NCLEX-RN® 18e\irunin.ini"
NCLEX-RN Review-->C:\PROGRA~1\LWW\Smeltzer\UNWISE32.EXE C:\PROGRA~1\LWW\Smeltzer\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PDMarq Audio Recorder 5.2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PDMarq Audio Recorder\ST6UNST.LOG"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic-->"C:\Program Files\Registry Mechanic\unins000.exe"
Remove DivX Pro Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Codec\UninstalDivXProCodec.log
Roxio PhotoSuite 5 LITE-->MsiExec.exe /I{DDE774AC-DC9E-435A-BFF9-1992F89565E4}
Saunders NCLEX-RN4e-->C:\Program Files\Saunders Comprehensive NCLEX-RN Review 4e\uninst.exe
Sentinel System Driver 5.41.0 (32-bit)-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Sony DVD Architect 2.0-->MsiExec.exe /I{47786B84-92C1-4706-BDDD-5CFFA6720C18}
Sorenson Squeeze-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88BFBE72-7E9C-4DED-AF1D-1245ACE3C213}\setup.exe" -l0x9 -uninst
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
TOSHIBA gigabeat applications 2.0.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33DF47F1-B83A-4EB5-AA56-EAB28A1EAE14}\setup.exe" UNINSTALLUNINSTALL
Tutor-->C:\PROGRA~1\TUTOR6~1\UNWISE.EXE C:\PROGRA~1\TUTOR6~1\EXINST.LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
USB-706 Vibration Joystick-->C:\PROGRA~1\USBVIB~1\UNWISE.EXE C:\PROGRA~1\USBVIB~1\INSTALL.LOG
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB828756-->C:\WINDOWS\$NtUninstallKB828756$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

System event log

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 52230
Source Name: Service Control Manager
Time Written: 20081130131825.000000-300
Event Type: information
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 52229
Source Name: Service Control Manager
Time Written: 20081130131820.000000-300
Event Type: information
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 52228
Source Name: Service Control Manager
Time Written: 20081130131819.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 52227
Source Name: Service Control Manager
Time Written: 20081130130812.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 52226
Source Name: Service Control Manager
Time Written: 20081130123756.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: YOU-J6KB0NJQTKB
Event Code: 34
Message: The 'Symantec Event Manager' service is starting.

Record Number: 71126
Source Name: ccEvtMgr
Time Written: 20081231120841.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 35
Message: The 'Symantec Settings Manager' service has started.

Record Number: 71125
Source Name: ccSetMgr
Time Written: 20081231120835.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 34
Message: The 'Symantec Settings Manager' service is starting.

Record Number: 71124
Source Name: ccSetMgr
Time Written: 20081231120833.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOU-J6KB0NJQTKB
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2800.1106, faulting module webvw.dll, version 6.0.2800.1106, fault address 0x0000510b.

Record Number: 71123
Source Name: Application Error
Time Written: 20081231120012.000000-300
Event Type: error
User:

Computer Name: YOU-J6KB0NJQTKB
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 71122
Source Name: Winlogon
Time Written: 20081231115641.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"PS5ROOT"=C:\Program Files\Roxio\PhotoSuite\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by me at 2009-01-20 20:09:39
Microsoft Windows XP Professional Service Pack 1
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 1023 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:06 PM, on 1/20/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PDMarq Audio Recorder\PDMarq Audio Recorder.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\me\Desktop\RSIT.exe
C:\Program Files\trend micro\me.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-20\..\Run: [pivadahoka] Rundll32.exe "C:\WINDOWS\System32\defohesi.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8499 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PDMarq Audio Recorder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-01 262144]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-23 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2007-09-22 212992]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2002-12-19 69632]
"HostManager"=C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe [2007-09-22 45056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-31 271672]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-06-29 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-15 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-09 68856]
"AOL Fast Start"=C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\histkill.exe [2003-05-21 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe [2007-09-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-02-20 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosGbWatcher]
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe [2005-04-26 118837]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\System32\siwipuyo.dll
C:\WINDOWS\System32\poviwumi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\yehebaya.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\tamuyali.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\siwipuyo.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\regisifo.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\poviwumi.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\poroyoju.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\nukolako.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\nudehiye.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\lafeziwi.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\kawenola.dll.tmp
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\dahihiwi.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\biserano.dll
6118-30709-30709 6066:30709:16 ----AH---- C:\WINDOWS\System32\bekehutu.dll.tmp
2009-01-20 20:09:39 ----D---- C:\rsit
2009-01-15 20:31:44 ----D---- C:\Documents and Settings\me\Application Data\PC-FAX TX
2009-01-15 17:26:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-15 17:13:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-15 16:26:07 ----A---- C:\WINDOWS\System32\javaws.exe
2009-01-15 16:26:07 ----A---- C:\WINDOWS\System32\deploytk.dll
2009-01-15 16:26:06 ----A---- C:\WINDOWS\System32\javaw.exe
2009-01-15 16:26:06 ----A---- C:\WINDOWS\System32\java.exe
2009-01-14 16:58:37 ----D---- C:\Program Files\MetaStream
2009-01-14 16:57:35 ----D---- C:\Program Files\javaRa
2009-01-12 18:16:06 ----D---- C:\Documents and Settings\me\Application Data\Malwarebytes
2009-01-12 18:15:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-12 18:15:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-09 22:08:03 ----SH---- C:\WINDOWS\System32\omuvudes.ini
2009-01-08 15:49:04 ----SH---- C:\WINDOWS\System32\usenarad.ini
2009-01-08 03:48:59 ----SH---- C:\WINDOWS\System32\ugubomar.ini
2009-01-07 15:48:49 ----SH---- C:\WINDOWS\System32\awohaneg.ini
2009-01-06 20:23:06 ----SH---- C:\WINDOWS\System32\olanufit.ini
2009-01-06 07:26:35 ----SH---- C:\WINDOWS\System32\ulodayow.ini
2009-01-05 17:26:26 ----SH---- C:\WINDOWS\System32\ukijiton.ini
2009-01-04 15:37:21 ----A---- C:\kmd.exe
2009-01-04 12:01:47 ----SH---- C:\WINDOWS\System32\ovenubih.ini
2009-01-03 23:43:33 ----SH---- C:\WINDOWS\System32\ariwaluh.ini
2009-01-03 11:43:08 ----SH---- C:\WINDOWS\System32\ipuheyeh.ini
2009-01-02 11:25:33 ----ASH---- C:\WINDOWS\System32\atfmfvbu.ini
2009-01-02 11:14:36 ----ASH---- C:\WINDOWS\System32\apevilor.ini
2009-01-01 23:14:09 ----ASH---- C:\WINDOWS\System32\inazavey.ini
2009-01-01 11:13:48 ----ASH---- C:\WINDOWS\System32\odayapis.ini
2008-12-31 12:12:17 ----ASH---- C:\WINDOWS\System32\osayihaj.ini
2008-12-30 11:16:38 ----ASH---- C:\WINDOWS\System32\tmcrssxa.ini
2008-12-29 22:46:08 ----ASH---- C:\WINDOWS\System32\puowoxqx.ini
2008-12-28 22:43:39 ----ASH---- C:\WINDOWS\System32\pkwkyidb.ini
2008-12-27 19:54:49 ----A---- C:\WINDOWS\System32\b31f6aeb-.txt
2008-12-27 19:52:46 ----ASH---- C:\WINDOWS\System32\sCJlTvut.ini2
2008-12-27 19:52:44 ----ASH---- C:\WINDOWS\System32\sCJlTvut.ini
2008-12-22 12:04:47 ----D---- C:\Program Files\Incomplete
2008-12-06 22:58:31 ----A---- C:\Documents and Settings\me\Application Data\inst.exe
2008-12-06 22:58:30 ----D---- C:\Documents and Settings\me\Application Data\Vso
2008-12-06 22:58:20 ----A---- C:\WINDOWS\System32\sipr3260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv43260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv33260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\drv23260.dll
2008-12-06 22:58:19 ----A---- C:\WINDOWS\System32\cook3260.dll
2008-12-06 22:58:16 ----D---- C:\Program Files\VSO
2008-12-06 22:55:40 ----D---- C:\Documents and Settings\me\Application Data\AVS4YOU
2008-12-06 22:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-12-06 22:54:23 ----D---- C:\Program Files\Common Files\AVSMedia
2008-12-06 22:54:03 ----D---- C:\Program Files\AVS4YOU
2008-12-06 22:54:03 ----A---- C:\WINDOWS\System32\msxml3a.dll
2008-12-06 22:54:03 ----A---- C:\WINDOWS\System32\GdiPlus.dll
2008-12-06 22:17:15 ----D---- C:\Documents and Settings\me\Application Data\Any Video Converter
2008-12-06 22:17:11 ----D---- C:\Program Files\Any Video Converter
2008-12-06 21:51:44 ----D---- C:\Documents and Settings\me\Application Data\4Media Software Studio
2008-12-06 21:48:57 ----D---- C:\Documents and Settings\me\Application Data\NCH Software
2008-12-06 21:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-12-06 21:45:19 ----D---- C:\Program Files\NCH Software
2008-12-06 13:02:45 ----D---- C:\Program Files\movie maker
2008-12-02 19:45:16 ----D---- C:\Program Files\Avery Dennison
2008-11-09 13:58:56 ----D---- C:\Program Files\Mosby

======List of files/folders modified in the last 3 months======

2009-01-20 20:09:47 ----D---- C:\WINDOWS\Prefetch
2009-01-20 20:09:47 ----D---- C:\Program Files\Trend Micro
2009-01-20 19:19:10 ----D---- C:\WINDOWS\Internet Logs
2009-01-20 09:47:37 ----A---- C:\WINDOWS\win.ini
2009-01-20 09:47:03 ----D---- C:\Program Files\Symantec AntiVirus
2009-01-20 09:44:58 ----D---- C:\WINDOWS\TEMP
2009-01-20 09:44:00 ----D---- C:\WINDOWS\Debug
2009-01-20 09:43:24 ----SHD---- C:\WINDOWS\CSC
2009-01-16 11:19:08 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-01-15 20:33:13 ----SHD---- C:\WINDOWS\system32
2009-01-15 20:32:05 ----A---- C:\WINDOWS\brpcfx.ini
2009-01-15 17:28:24 ----D---- C:\WINDOWS
2009-01-15 17:17:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 17:14:51 ----AD---- C:\Program Files
2009-01-15 16:31:21 ----D---- C:\WINDOWS\System32\drivers
2009-01-15 16:28:52 ----D---- C:\Program Files\backups
2009-01-15 16:26:21 ----SHD---- C:\WINDOWS\Installer
2009-01-15 16:25:38 ----D---- C:\Program Files\Java
2009-01-15 09:42:25 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-14 22:25:34 ----A---- C:\VETlog.txt
2009-01-14 16:56:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-10 15:29:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-03 19:02:22 ----D---- C:\WINDOWS\System32\CatRoot2
2008-12-29 22:17:47 ----D---- C:\Program Files\Saxton NCLEX-RN® 18e
2008-12-29 21:12:48 ----D---- C:\Program Files\palmOne
2008-12-29 19:41:07 ----D---- C:\Program Files\HistoryKill
2008-12-29 01:35:41 ----SD---- C:\WINDOWS\Tasks
2008-12-23 18:37:15 ----D---- C:\Program Files\LimeWire
2008-12-22 15:04:33 ----D---- C:\WINDOWS\security
2008-12-20 19:38:21 ----D---- C:\OMFI MediaFiles
2008-12-20 19:11:33 ----D---- C:\Temp
2008-12-18 22:36:41 ----HD---- C:\WINDOWS\inf
2008-12-13 15:01:05 ----AC---- C:\WINDOWS\CDex.INI
2008-12-08 18:21:24 ----RSD---- C:\WINDOWS\assembly
2008-12-08 18:21:24 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-08 18:10:46 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-12-08 18:08:28 ----D---- C:\WINDOWS\Registration
2008-12-08 18:01:39 ----D---- C:\WINDOWS\WinSxS
2008-12-08 18:00:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-08 18:00:36 ----D---- C:\Program Files\Internet Explorer
2008-12-08 18:00:13 ----D---- C:\WINDOWS\PCHealth
2008-12-06 22:54:23 ----D---- C:\Program Files\Common Files
2008-12-06 11:53:28 ----D---- C:\WINDOWS\LastGood
2008-12-06 11:45:35 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-12-06 11:45:24 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-02 19:45:23 ----SD---- C:\Documents and Settings\me\Application Data\Microsoft
2008-11-29 10:29:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-12 13:20:26 ----A---- C:\WINDOWS\System32\BorisFX BCC.ini
2008-11-11 17:57:36 ----AC---- C:\WINDOWS\BorisRED3.0.ini
2008-11-09 13:58:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-08 16:29:42 ----D---- C:\Program Files\FinePixViewer
2008-11-03 17:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-02 14:51:30 ----D---- C:\Documents and Settings\me\Application Data\Tutor
2008-10-23 17:45:28 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2002-12-16 64336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2002-12-16 24839]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 ASCTRM;ASCTRM; C:\WINDOWS\System32\drivers\ASCTRM.sys [2008-02-20 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [2001-02-01 25244]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\System32\drivers\MCSTRM.sys [2005-09-15 8413]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Msikbd2k;DellTouch; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2000-10-03 6942]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090116.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090116.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 RTL8023xp;Belkin F5D5000 v2000 Desktop PCI Card all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-10-23 30464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-10-14 25216]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-10-23 53120]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-10-14 19328]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-08-17 13952]
S2 VRDVC20;Sony VRD-VC20 [Video Capture]; C:\WINDOWS\System32\Drivers\VRDVC20X.SYS [2004-11-09 31104]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2002-08-29 46080]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2002-08-29 36224]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\System32\DRIVERS\emDevice.sys [2004-04-06 100957]
S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\System32\DRIVERS\emFilter.sys [2004-04-06 5245]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2003-02-17 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-09-13 16694]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-06 47360]
S3 PortlUSB;PortlUSB; C:\WINDOWS\System32\DRIVERS\SiriusUSB.sys []
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\System32\DRIVERS\emScan.sys [2004-04-06 4493]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [2001-08-17 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 AvidSDMService;Avid SDM Service; C:\WINDOWS\system32\AvidSDMService.exe [2004-06-15 57344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-15 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-31 501048]
S2 AvidStartup;Avid Startup; C:\WINDOWS\system32\AvidStartup.exe [2004-06-15 1114112]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S4 Nhksrv;Netropa NHK Server; C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]

-----------------EOF-----------------

The logs above are from rerunning RSIT as per your advice...

thanks a lot!
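The service lines above follow a fixed layout (state and start type, name, display name, path, then date and size in brackets), so they can be triaged mechanically. The parser below is an added example, not code from this thread or from RSIT; the EXPECTED_ROOTS list, the Service class and the ExampleSvc line in the sample are assumptions constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List

# One RSIT/DDS service line: <state><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]
# state: R=Running, S=Stopped; start: 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
# Assumed: directories a legitimately installed service binary normally lives under on XP.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    date: str
    size: int

def parse_services(log: str) -> List[Service]:
    """Parse every service line; the header, blank lines and the EOF marker are skipped."""
    services = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            services.append(Service(m["name"], m["display"], m["path"], m["state"] == "R",
                                    START_TYPES[m["start"]], m["date"], int(m["size"])))
    return services

def suspicious(services: List[Service]) -> List[str]:
    """Names of services that run, or auto-start, from outside the expected roots."""
    return [s.name for s in services
            if (s.running or s.start_type == "Auto")
            and not s.path.lower().startswith(EXPECTED_ROOTS)]

# Constructed sample: three lines copied from the log above plus one made-up service
# (ExampleSvc) running from a temp directory, which is the case the check should flag.
SAMPLE_LOG = r"""
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
S4 Nhksrv;Netropa NHK Server; C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]
R2 ExampleSvc;Constructed Example; C:\Documents and Settings\User\Local Settings\Temp\example.exe [2009-01-10 12345]
"""
```

A path outside the usual roots is only a prompt to look closer (check the file's publisher and date); it is not proof of infection on its own.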

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:32 PM

Posted 21 January 2009 - 05:45 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive