
Trojan.vundo


  • This topic is locked
9 replies to this topic

#1 dakidromeo1

dakidromeo1

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 11 January 2009 - 03:37 PM

Hi, I seem to have stumbled upon problems while surfing the net. After realizing I obtained viruses and malware I quickly ran my scans and was able to take care of all of the problems (or so I thought). After one day passed I realized my Windows updates were back to being turned off and popups were once again making their way onto my screen. After running the Symantec scan on Norton 360 it was determined I had Trojan.vundo. I thought it was removed but I guess it came back. I kept constantly removing it from my computer cause it kept coming back, but now I realize it never left.
Anyway I ran HijackThis v2.02 just as told on the website and this is my log. I beg for help from anyone. Please help, and thanks in advance. By the way I would just like to add that I ran vundo.fix and also virtumundo begone and none of those even detected the Trojan.vundo.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:52 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=Aztec...tm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [a45fedc9] rundll32.exe "C:\WINDOWS\system32\kykbhwad.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E012DF-AFED-47D7-AF21-266C09B5A44D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB997EAD-EC2F-422F-83BD-FA4A1DAB0065}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376663-E96E-4BD0-A43A-2AAC2ABEFF70}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lfpdfr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://ecx.images-amazon.com/images/I/21myoETYozL.jpg

--
End of file - 8904 bytes
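As an added example that is not part of this thread (the script is mine, not HijackThis's, BleepingComputer's or the poster's): a small Python triage tool that parses lines in the HijackThis log format shown above and flags the entry types a helper looks at first, such as an O4 Run value that loads a DLL through rundll32, a non-empty O20 AppInit_DLLs value, O17 NameServer settings, and orphaned "(no file)" hooks. The sample input is constructed from a few entries copied out of the log above plus benign lines; the severity labels, regular expressions and rule set are my assumptions, not anything HijackThis produces.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread, mixed with benign entries, so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a45fedc9] rundll32.exe "C:\WINDOWS\system32\kykbhwad.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: lfpdfr.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")

# A Run value that uses rundll32 to load a DLL straight out of system32 with an
# export name after the comma; this is the shape of the [a45fedc9] entry above.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\system32\\[^"\\]+\.dll"?,', re.I)


@dataclass
class Finding:
    section: str
    severity: str   # "high", "review" or "low"; labels are my choice, not HijackThis's
    reason: str
    entry: str


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (section, body) pairs for every entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries: list[tuple[str, str]]) -> list[Finding]:
    """Apply a few persistence-oriented rules (assumed, not an official list) to parsed entries."""
    findings = []
    for section, body in entries:
        if section == "O4" and RUNDLL_RE.search(body):
            findings.append(Finding(section, "high",
                "Run key launches a DLL in system32 through rundll32; check the DLL's publisher and age", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding(section, "high",
                    f"AppInit_DLLs injects {dlls} into every process that loads user32.dll", body))
        elif section == "O17" and "NameServer" in body:
            findings.append(Finding(section, "review",
                "Static DNS servers are set; confirm the owner chose them (a DNS changer looks identical here)", body))
        elif body.endswith("(no file)"):
            findings.append(Finding(section, "low",
                "Orphaned entry whose file is gone; harmless leftover, safe to fix", body))
    return findings


def report(text: str) -> list[Finding]:
    """Parse and triage in one call, printing a one-line summary per finding."""
    findings = triage(parse_hjt(text))
    for f in findings:
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.entry}")
    return findings


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

The O17 rule deliberately reports rather than condemns: the two resolvers in this log, 208.67.220.220 and 208.67.222.222, are OpenDNS addresses and are a common deliberate choice, but a DNS-changing trojan writes to exactly the same registry values, so the entry has to be confirmed with the machine's owner rather than judged from the log alone. The O4 and O20 rules are the ones that matter most here: a randomly named DLL started from a Run key and a populated AppInit_DLLs value are both persistence mechanisms that survive a simple file deletion, which is consistent with the poster's report of the infection returning after each removal.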


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:21 PM

Posted 12 January 2009 - 02:59 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dakidromeo1

dakidromeo1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 16 January 2009 - 02:02 AM

Thanks a lot for your help and sorry for the delay. Here is the info you asked for.

MALWAREBYTES INFO

Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

1/15/2009 11:18:41 PM
mbam-log-2009-01-15 (23-18-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101363
Time elapsed: 48 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ofrtifwk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqPfCSM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vvvhwh.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2dd3f1c4-0596-4663-b771-a11716937c5b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2dd3f1c4-0596-4663-b771-a11716937c5b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d3fc426-5927-4f22-af32-16aa709dd94b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d3fc426-5927-4f22-af32-16aa709dd94b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d3fc426-5927-4f22-af32-16aa709dd94b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45fedc9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqpfcsm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqpfcsm -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\urqPfCSM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\MSCfPqru.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\MSCfPqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvvhwh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ofrtifwk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kwfitrfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oobwpqjo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojqpwboo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\5H7M9Y9I\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\AJEPEF3I\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\WKYPJPON\dd_1[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfpdfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmuwwwec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rxgbqvso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fikmnmio.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dchbbyix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxoyouoopo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxtoafrqod.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-A71.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.







RSIT LOG

Logfile of random's system information tool 1.05 (written by random/random)
Run by XP at 2009-01-16 01:51:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (59%) free of 39 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:53 AM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\XP\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\XP.exe
C:\WINDOWS\system32\RunDLL32.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1605E833-0245-45B4-B5CE-322D31350100} - (no file)
O2 - BHO: (no name) - {1CF60835-B8CD-4DFF-9B13-3F739D535454} - (no file)
O2 - BHO: (no name) - {25C42611-6E7B-4D08-9CAC-60603D293C37} - (no file)
O2 - BHO: (no name) - {45BD2608-BBF7-40EF-A5F6-34442B552CB1} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A5AB1499-0EA9-43A4-B33C-2B4F5B93A9CE} - (no file)
O2 - BHO: (no name) - {A6852825-05B6-4710-B84B-8C4D10916DF3} - (no file)
O2 - BHO: (no name) - {BECE422A-5D79-43EE-8171-10ED6B5C6930} - (no file)
O2 - BHO: (no name) - {caccb250-aad2-4f4f-8111-722ed16df578} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E012DF-AFED-47D7-AF21-266C09B5A44D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB997EAD-EC2F-422F-83BD-FA4A1DAB0065}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376663-E96E-4BD0-A43A-2AAC2ABEFF70}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: vvvhwh.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://ecx.images-amazon.com/images/I/21myoETYozL.jpg

--
End of file - 8246 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\rpc.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1605E833-0245-45B4-B5CE-322D31350100}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CF60835-B8CD-4DFF-9B13-3F739D535454}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25C42611-6E7B-4D08-9CAC-60603D293C37}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45BD2608-BBF7-40EF-A5F6-34442B552CB1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2009-01-04 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AB1499-0EA9-43A4-B33C-2B4F5B93A9CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6852825-05B6-4710-B84B-8C4D10916DF3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BECE422A-5D79-43EE-8171-10ED6B5C6930}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{caccb250-aad2-4f4f-8111-722ed16df578}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZ Smileys]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [2005-02-10 41042]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2
"Apache2"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vvvhwh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:aim6"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77c7da2c-f969-11d7-81fa-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
shell\Open\command - "resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e10322-ddba-11dc-8289-000cf174ba38}]
shell\AutoRun\command - Autorun.exe /run
shell\Shell00\command - Autorun.exe /run
shell\Shell01\command - Autorun.exe /action
shell\Shell02\command - Autorun.exe /uninstall


======File associations======

.reg - open -

======List of files/folders created in the last 3 months======

2009-01-16 00:08:35 ----A---- C:\WINDOWS\gmer.ini
2009-01-16 00:08:31 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-16 00:08:31 ----A---- C:\WINDOWS\gmer.dll
2009-01-16 00:08:30 ----A---- C:\WINDOWS\gmer.exe
2009-01-16 00:03:42 ----D---- C:\rsit
2009-01-15 22:19:26 ----D---- C:\Documents and Settings\XP\Application Data\Malwarebytes
2009-01-15 22:19:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 22:19:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-15 18:01:15 ----D---- C:\Program Files\particleIllusion_3
2009-01-15 17:19:12 ----D---- C:\Documents and Settings\All Users\Application Data\pI3demoLicense
2009-01-15 13:34:45 ----D---- C:\Program Files\Search Settings
2009-01-14 19:42:08 ----A---- C:\WINDOWS\system32\exomye.dll
2009-01-14 19:42:05 ----A---- C:\WINDOWS\system32\elrdyrlk.dll
2009-01-14 02:01:47 ----D---- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
2009-01-14 00:13:51 ----SHD---- C:\Documents and Settings\XP\Application Data\.#
2009-01-13 19:42:07 ----ASH---- C:\WINDOWS\system32\rhrqgmgc.ini
2009-01-13 14:58:50 ----D---- C:\Intel
2009-01-13 14:58:31 ----D---- C:\Drivers
2009-01-13 14:55:31 ----D---- C:\Program Files\Intel
2009-01-13 14:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-13 14:01:13 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-13 13:53:18 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-13 13:36:40 ----D---- C:\Program Files\Total Video Converter
2009-01-13 13:32:16 ----A---- C:\Documents and Settings\XP\Application Data\tvcnew.exe
2009-01-13 13:25:50 ----D---- C:\Program Files\Microsoft Works
2009-01-13 13:25:10 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-13 13:24:12 ----D---- C:\Program Files\Microsoft.NET
2009-01-13 13:19:23 ----D---- C:\Program Files\Microsoft Office
2009-01-13 13:17:57 ----RHD---- C:\MSOCache
2009-01-12 23:55:28 ----D---- C:\Documents and Settings\XP\Application Data\Uniblue
2009-01-12 23:54:55 ----D---- C:\Program Files\Uniblue
2009-01-12 19:44:22 ----ASH---- C:\WINDOWS\system32\wmwqqsjl.ini
2009-01-11 19:41:14 ----ASH---- C:\WINDOWS\system32\kqkjqigj.ini
2009-01-11 15:21:32 ----D---- C:\Program Files\Trend Micro
2009-01-11 15:15:15 ----D---- C:\Program Files\Hijackthis
2009-01-10 19:41:24 ----ASH---- C:\WINDOWS\system32\dawhbkyk.ini
2009-01-09 22:26:37 ----D---- C:\Program Files\AMT
2009-01-09 19:48:57 ----ASH---- C:\WINDOWS\system32\vgufiarf.ini
2009-01-08 02:33:57 ----D---- C:\Program Files\DownloadToolz
2009-01-07 18:40:55 ----ASH---- C:\WINDOWS\system32\odbkjjkq.ini
2009-01-07 01:44:37 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-07 01:44:13 ----D---- C:\Program Files\MSBuild
2009-01-07 01:43:25 ----D---- C:\Program Files\Reference Assemblies
2009-01-07 01:33:12 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-01-07 01:33:09 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-07 01:33:07 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-07 01:33:00 ----D---- C:\027628da6570972df75978
2009-01-06 22:50:33 ----A---- C:\WINDOWS\system32\VBAME.DLL
2009-01-06 18:36:23 ----ASH---- C:\WINDOWS\system32\taxihvtp.ini
2009-01-06 13:25:00 ----RHD---- C:\Documents and Settings\XP\Application Data\SecuROM
2009-01-06 13:24:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-01-05 19:05:16 ----A---- C:\WINDOWS\system32\ascbalon.dll
2009-01-05 19:02:32 ----A---- C:\WINDOWS\system32\SysRestore.dll
2009-01-05 19:02:30 ----A---- C:\WINDOWS\system32\CreateLog.dll
2009-01-05 19:02:28 ----A---- C:\WINDOWS\system32\ConTest.dll
2009-01-05 18:46:23 ----ASH---- C:\WINDOWS\system32\rqmonkhk.ini
2009-01-05 18:43:33 ----D---- C:\Documents and Settings\XP\Application Data\Canneverbe_Limited
2009-01-05 12:48:51 ----D---- C:\WINDOWS\system32\N360_BACKUP
2009-01-05 10:51:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2009-01-05 00:36:54 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 21:24:52 ----D---- C:\Program Files\Norton 360
2009-01-04 21:17:55 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-01-04 21:17:08 ----D---- C:\Program Files\Symantec
2009-01-04 18:45:58 ----ASH---- C:\WINDOWS\system32\rglksgdu.ini
2009-01-04 17:18:35 ----D---- C:\Program Files\Windows Sidebar
2009-01-03 18:46:26 ----ASH---- C:\WINDOWS\system32\xajwlkdx.ini
2009-01-03 11:50:46 ----ASH---- C:\WINDOWS\system32\ampnlqgl.ini
2008-12-30 20:58:45 ----ASH---- C:\WINDOWS\system32\gbnxnncv.ini
2008-12-30 16:59:09 ----D---- C:\Program Files\Enigma Software Group
2008-12-29 22:08:26 ----D---- C:\VundoFix Backups
2008-12-29 22:08:26 ----A---- C:\VundoFix.txt
2008-12-29 20:55:40 ----ASH---- C:\WINDOWS\system32\ryttriyu.ini
2008-12-29 16:14:49 ----A---- C:\WINDOWS\UNBOC.EXE
2008-12-29 16:14:48 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-12-29 12:44:49 ----D---- C:\WINDOWS\Prefetch
2008-12-29 12:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-29 12:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-29 12:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-29 12:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-29 12:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-29 12:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-29 12:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-29 12:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-29 12:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-28 23:45:20 ----A---- C:\WINDOWS\wininit.ini
2008-12-28 20:47:10 ----A---- C:\WINDOWS\system32\af7c29b7-.txt
2008-12-25 13:15:13 ----D---- C:\Program Files\PopCap Games
2008-12-17 17:45:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-17 17:45:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 17:45:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 17:45:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 03:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 16:51:29 ----AH---- C:\aaw7boot.cmd
2008-11-17 00:18:57 ----D---- C:\Program Files\GameTop.com
2008-11-17 00:05:52 ----D---- C:\Program Files\Luxor Amun Rising
2008-11-17 00:05:39 ----D---- C:\Program Files\ReflexiveArcade
2008-11-11 21:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 10:09:18 ----N---- C:\WINDOWS\WB.ini
2008-10-29 10:04:24 ----A---- C:\WINDOWS\system32\wbsys.dll
2008-10-29 10:04:21 ----D---- C:\Program Files\Stardock
2008-10-26 21:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-16 01:51:11 ----D---- C:\WINDOWS\Temp
2009-01-16 00:08:35 ----D---- C:\WINDOWS
2009-01-16 00:08:31 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 00:04:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-16 00:00:19 ----D---- C:\Program Files\Mozilla Firefox
2009-01-15 23:48:56 ----D---- C:\WINDOWS\system32
2009-01-15 23:40:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-15 22:19:16 ----RD---- C:\Program Files
2009-01-15 21:45:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-15 16:31:07 ----SHD---- C:\WINDOWS\Installer
2009-01-15 16:30:19 ----SHD---- C:\Config.Msi
2009-01-15 16:28:36 ----SD---- C:\WINDOWS\Tasks
2009-01-15 13:37:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-15 13:37:00 ----D---- C:\Program Files\BestOn
2009-01-15 03:09:08 ----D---- C:\WINDOWS\system32\Restore
2009-01-15 00:34:31 ----HD---- C:\WINDOWS\inf
2009-01-15 00:34:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-15 00:34:18 ----D---- C:\Program Files\Common Files
2009-01-15 00:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-15 00:22:04 ----D---- C:\Program Files\Viewpoint
2009-01-15 00:19:10 ----D---- C:\Program Files\LimeWire
2009-01-14 13:41:13 ----D---- C:\Program Files\Adobe
2009-01-14 00:23:42 ----D---- C:\Program Files\Google
2009-01-14 00:23:36 ----D---- C:\Documents and Settings\XP\Application Data\Apple Computer
2009-01-14 00:23:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-14 00:23:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 00:23:07 ----D---- C:\Program Files\Common Files\Skype
2009-01-13 15:39:32 ----D---- C:\WINDOWS\system32\config
2009-01-13 15:07:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-13 15:07:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-13 14:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-13 14:30:07 ----RSD---- C:\WINDOWS\assembly
2009-01-13 14:29:52 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-01-13 13:36:50 ----RSD---- C:\WINDOWS\Fonts
2009-01-13 13:29:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-13 13:25:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-11 19:08:20 ----D---- C:\Documents and Settings\XP\Application Data\OpenOffice.org2
2009-01-10 00:03:37 ----D---- C:\WINDOWS\Minidump
2009-01-09 23:59:50 ----A---- C:\WINDOWS\win.ini
2009-01-07 13:28:04 ----SHD---- C:\System Volume Information
2009-01-07 04:26:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-07 04:20:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-07 01:55:35 ----D---- C:\WINDOWS\WinSxS
2009-01-07 01:44:21 ----D---- C:\WINDOWS\system32\en-US
2009-01-07 01:41:26 ----D---- C:\WINDOWS\system32\spool
2009-01-07 01:14:31 ----D---- C:\WINDOWS\system32\mui
2009-01-07 01:14:28 ----D---- C:\Program Files\Internet Explorer
2009-01-07 00:44:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-07 00:33:58 ----D---- C:\Documents and Settings
2009-01-07 00:33:44 ----D---- C:\Program Files\YouTube Downloader
2009-01-07 00:33:44 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-06 13:22:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-06 07:30:47 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-05 11:14:31 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-05 11:00:35 ----A---- C:\WINDOWS\ODBC.INI
2009-01-05 10:52:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 10:52:01 ----SD---- C:\Documents and Settings\XP\Application Data\Microsoft
2009-01-05 10:51:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-05 10:46:37 ----D---- C:\Program Files\Lavasoft
2009-01-05 08:02:38 ----D---- C:\Documents and Settings\XP\Application Data\skypePM
2009-01-05 01:00:41 ----D---- C:\Documents and Settings\XP\Application Data\Symantec
2008-12-29 13:53:59 ----D---- C:\Program Files\Messenger
2008-12-29 12:59:08 ----A---- C:\WINDOWS\setuplog.txt
2008-12-29 12:43:22 ----D---- C:\WINDOWS\security
2008-12-29 12:30:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-29 11:57:14 ----D---- C:\WINDOWS\Help
2008-12-29 11:57:06 ----D---- C:\WINDOWS\system32\oobe
2008-12-29 11:48:26 ----D---- C:\WINDOWS\EHome
2008-12-26 20:55:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-25 22:02:23 ----D---- C:\Program Files\Java
2008-12-25 21:25:15 ----D---- C:\Program Files\Audio Editor Gold
2008-12-25 21:25:13 ----D---- C:\Program Files\PConPoint
2008-12-18 13:20:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:12:21 ----D---- C:\WINDOWS\ie7updates
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-17 16:22:13 ----D---- C:\Documents and Settings\XP\Application Data\LimeWire
2008-10-26 21:39:55 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-14 20747]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys [2001-08-18 98176]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090115.034\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090115.034\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090113.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 BOCDRIVE;BOClean Kernel Monitor.; C:\WINDOWS\system32\drivers\BOCDRIVE.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 44256]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-16 85969]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
S3 KLSIENET;Driver for USB Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\usb101et.sys [2004-08-03 32384]
S3 mamotou;mamotou; C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 49399]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-10-13 47360]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 330240]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-01-04 1245064]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apache2;Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [2005-02-10 20541]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
RSIT INFO


info.txt logfile of random's system information tool 1.05 2009-01-16 00:05:42

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Apache HTTP Server 2.0.53-->MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Blaine's Custom TV Ratings-->MsiExec.exe /I{36756DBA-10A2-4BDE-B6C7-F4307478D9AD}
Canon iP1800 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Dark Sky RainbowTheme-->C:\WINDOWS\Resources\Themes\UninstTheme.exe "C:\WINDOWS\Resources\Themes\Dark Sky Rainbow.theme"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Free YouTube to iPod Converter version 2.8-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Intel® Network Connections 13.0.42.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007-->MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{F413B69D-4AD6-42AB-AEA5-0548989FAD50}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
particleIllusion 3.0.2-->"C:\Program Files\particleIllusion_3\uninstall\unins000.exe"
particleIllusion 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\particleIllusion_3\Uninst.isu"
Redtube Video Downloader 3.15-->"C:\Program Files\DownloadToolz\Redtube Video Downloader\unins000.exe"
Search Settings 1.1-->MsiExec.exe /X{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Total Video Converter 3.14 08113-->"C:\Program Files\Total Video Converter\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Zuma Deluxe 1.0.0.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

======Security center information======

AV: Norton 360
FW: Norton 360

System event log

Computer Name: JAMES
Event Code: 4201
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 36851
Source Name: Tcpip
Time Written: 20090108152756.000000-300
Event Type: information
User:

Computer Name: JAMES
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{7BC963B7-69E5-4B1B-A73D-8876C8AA4EB8} because a master browser was stopped.

Record Number: 36850
Source Name: BROWSER
Time Written: 20090108152603.000000-300
Event Type: information
User:

Computer Name: JAMES
Event Code: 4202
Message: The system detected that network adapter Linksys...PCI Adapter - Packet Scheduler Miniport was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 36849
Source Name: Tcpip
Time Written: 20090108152602.000000-300
Event Type: information
User:

Computer Name: JAMES
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.

Record Number: 36848
Source Name: Service Control Manager
Time Written: 20090108152311.000000-300
Event Type: information
User:

Computer Name: JAMES
Event Code: 7036
Message: The LiveUpdate service entered the running state.

Record Number: 36847
Source Name: Service Control Manager
Time Written: 20090108152015.000000-300
Event Type: information
User:

Application event log

Computer Name: JAMES
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 4093
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090106133158.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JAMES
Event Code: 11724
Message: Product: PC SpeedScan Pro -- Removal completed successfully.

Record Number: 4092
Source Name: MsiInstaller
Time Written: 20090106133112.000000-300
Event Type: information
User: JAMES\XP

Computer Name: JAMES
Event Code: 101
Message: Information Level: success

The next run has been scheduled to occur at approximately 1:31 PM.

Record Number: 4091
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090106123209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JAMES
Event Code: 101
Message: Information Level: success

Automatic LiveUpdate has terminated.

Record Number: 4090
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090106123209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JAMES
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 4089
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090106113457.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip;C:\Program Files\iTunes\Plug-Ins\Qloud\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\ImageConverter Plus;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------




And the GMER result is uploaded.

thanks again


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:21 PM

Posted 16 January 2009 - 02:24 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

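The reply above asks for the ComboFix log. What follows is an added example, not part of the thread and not ComboFix's own code, that triages such a log for the persistence traces Vundo/Virtumonde was known for on Windows XP: an AppInit_DLLs value (ComboFix prints that key only when it is non-default, and on XP any DLL listed there is loaded into every process that maps user32.dll), hidden+system .ini files with eight-letter random names dropped straight into system32, and an Autorun.inf in a drive root. The sample log embedded in the script is constructed for this example, modelled on the ComboFix log format posted in this thread; the category names and the eight-letter heuristic are this example's own assumptions, not anything ComboFix itself reports.

```python
"""Triage a ComboFix-style log for Vundo/Virtumonde persistence traces.

Added example, not code from the thread, from ComboFix or from its author.
It only reads log text; it changes nothing on the machine.
"""
import re
from typing import List, Tuple

# A "Files Created" line: "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Heuristic (this example's assumption): eight random lowercase letters, .ini,
# directly in system32, carrying hidden (h) and system (s) attributes.
RANDOM_INI = re.compile(r"^[a-z]{8}\.ini$")
# ComboFix omits legitimate default values, so any AppInit_DLLs it prints is
# worth a look: on XP that DLL is mapped into every process that loads user32.
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$')
# Autorun.inf in a drive root (removable-media spreading component).
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)

Finding = Tuple[str, str]


def triage(log_text: str) -> List[Finding]:
    """Return (category, detail) pairs, in log order, for each indicator hit."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ROOT_AUTORUN.match(line):
            findings.append(("root-autorun", line))
            continue
        m = APPINIT.match(line)
        if m:
            value = m.group("value").strip().strip('"')
            if value:  # an empty value is the XP default and is not a finding
                findings.append(("appinit-dll", value))
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            folder, _, name = path.rpartition("\\")
            if (
                "h" in attrs
                and "s" in attrs
                and folder.lower().endswith("\\windows\\system32")
                and RANDOM_INI.match(name)
            ):
                findings.append(("hidden-system-ini", path))
    return findings


# Constructed sample, shaped like the ComboFix sections posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\XP\Application Data\inst.exe

((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 00:08 . 2009-01-16 00:08 250 --a------ c:\windows\gmer.ini
2009-01-13 19:42 . 2009-01-13 19:42 1,354,217 --ahs---- c:\windows\system32\rhrqgmgc.ini
2009-01-12 19:44 . 2009-01-13 12:32 1,354,217 --ahs---- c:\windows\system32\wmwqqsjl.ini
2009-01-15 22:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vvvhwh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

A hit is a lead, not a verdict: ComboFix lists files it has already removed under "Other Deletions", so a flagged item may be gone by the time the log is read, and a hidden .ini in system32 on its own only tells you a dropper ran. The AppInit_DLLs value is the one to act on first, because it is what re-injects the payload into every new process after each reboot, which is how an infection keeps "coming back" after a file-level cleanup.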

#5 dakidromeo1

dakidromeo1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 16 January 2009 - 12:35 PM

Here is what you asked for. First is the

COMBOFIX LOG

ComboFix 09-01-15.01 - XP 2009-01-16 12:12:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.210 [GMT -5:00]
Running from: c:\documents and settings\XP\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\XP\Application Data\.#
c:\documents and settings\XP\Application Data\inst.exe
c:\documents and settings\XP\Favorites\Download programs.url
c:\documents and settings\XP\Favorites\Games.url
c:\documents and settings\XP\Favorites\Translator.url
c:\documents and settings\XP\Favorites\Videos.url
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 00:08 . 2009-01-16 00:08 250 --a------ c:\windows\gmer.ini
2009-01-16 00:03 . 2009-01-16 01:55 <DIR> d-------- C:\rsit
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\documents and settings\XP\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 18:01 . 2009-01-15 18:02 <DIR> d-------- c:\program files\particleIllusion_3
2009-01-15 17:19 . 2009-01-15 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3demoLicense
2009-01-15 13:34 . 2009-01-15 13:34 <DIR> d-------- c:\program files\Search Settings
2009-01-14 02:01 . 2009-01-14 02:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3_lic_file
2009-01-14 01:25 . 2009-01-14 01:25 <DIR> d-------- c:\documents and settings\XP\WINDOWS
2009-01-13 19:42 . 2009-01-13 19:42 1,354,217 --ahs---- c:\windows\system32\rhrqgmgc.ini
2009-01-13 14:58 . 2009-01-13 14:58 <DIR> d-------- C:\Intel
2009-01-13 14:58 . 2009-01-13 14:58 <DIR> d-------- C:\Drivers
2009-01-13 14:55 . 2009-01-13 15:00 <DIR> d-------- c:\program files\Intel
2009-01-13 14:55 . 2006-01-12 14:52 1,904 --a------ c:\windows\system32\SetupBD.din
2009-01-13 14:04 . 2009-01-15 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-13 14:01 . 2009-01-13 14:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-13 13:53 . 2009-01-13 13:57 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-13 13:36 . 2009-01-13 15:31 <DIR> d-------- c:\program files\Total Video Converter
2009-01-13 13:32 . 2009-01-13 15:31 7,662,866 --a------ c:\documents and settings\XP\Application Data\tvcnew.exe
2009-01-13 13:25 . 2009-01-13 13:25 <DIR> d-------- c:\program files\Microsoft Works
2009-01-13 13:24 . 2009-01-13 13:24 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-13 13:17 . 2009-01-13 13:17 <DIR> dr-h----- C:\MSOCache
2009-01-12 23:55 . 2009-01-15 16:31 <DIR> d-------- c:\documents and settings\XP\Application Data\Uniblue
2009-01-12 23:54 . 2009-01-15 16:30 <DIR> d-------- c:\program files\Uniblue
2009-01-12 19:44 . 2009-01-13 12:32 1,354,217 --ahs---- c:\windows\system32\wmwqqsjl.ini
2009-01-11 19:41 . 2009-01-12 19:42 1,268,985 --ahs---- c:\windows\system32\kqkjqigj.ini
2009-01-11 15:21 . 2009-01-11 15:21 <DIR> d-------- c:\program files\Trend Micro
2009-01-10 19:41 . 2009-01-10 19:41 1,256,329 --ahs---- c:\windows\system32\dawhbkyk.ini
2009-01-09 22:26 . 2009-01-09 22:26 <DIR> d-------- c:\program files\AMT
2009-01-09 19:48 . 2009-01-09 19:49 1,334,189 --ahs---- c:\windows\system32\vgufiarf.ini
2009-01-08 02:33 . 2009-01-08 02:33 <DIR> d-------- c:\program files\DownloadToolz
2009-01-07 18:40 . 2009-01-09 18:43 1,334,189 --ahs---- c:\windows\system32\odbkjjkq.ini
2009-01-07 01:44 . 2009-01-07 01:44 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-07 01:44 . 2009-01-07 01:44 <DIR> d-------- c:\program files\MSBuild
2009-01-07 01:43 . 2009-01-07 01:43 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-07 01:33 . 2009-01-07 01:42 <DIR> d-------- C:\027628da6570972df75978
2009-01-07 01:33 . 2008-07-06 07:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-01-07 01:33 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-07 01:33 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-07 01:33 . 2008-07-06 07:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-01-07 01:33 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-07 01:33 . 2008-07-06 07:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-01-07 01:33 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-06 22:50 . 1998-12-24 20:23 40,960 --a------ c:\windows\system32\VBAME.DLL
2009-01-06 18:36 . 2009-01-06 18:36 1,321,922 --ahs---- c:\windows\system32\taxihvtp.ini
2009-01-06 13:25 . 2009-01-06 13:25 <DIR> dr-h----- c:\documents and settings\XP\Application Data\SecuROM
2009-01-06 13:24 . 2009-01-06 13:24 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-05 19:05 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-01-05 19:02 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-01-05 19:02 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-01-05 19:02 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2009-01-05 18:46 . 2009-01-06 00:48 1,306,358 --ahs---- c:\windows\system32\rqmonkhk.ini
2009-01-05 18:43 . 2009-01-05 18:43 <DIR> d-------- c:\documents and settings\XP\Application Data\Canneverbe_Limited
2009-01-05 12:48 . 2009-01-05 12:48 <DIR> d-------- c:\windows\system32\N360_BACKUP
2009-01-05 10:51 . 2009-01-05 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2009-01-05 00:36 . 2009-01-05 00:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 21:24 . 2009-01-05 01:56 <DIR> d-------- c:\program files\Norton 360
2009-01-04 21:17 . 2009-01-07 00:54 <DIR> d-------- c:\program files\Symantec
2009-01-04 21:17 . 2009-01-07 00:54 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-04 21:17 . 2009-01-07 00:54 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-04 18:45 . 2009-01-04 18:46 1,307,356 --ahs---- c:\windows\system32\rglksgdu.ini
2009-01-04 17:18 . 2009-01-04 17:18 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-04 17:11 . 2009-01-07 00:54 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-04 17:11 . 2009-01-07 00:54 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-03 18:46 . 2009-01-03 18:46 1,307,356 --ahs---- c:\windows\system32\xajwlkdx.ini
2009-01-03 11:50 . 2009-01-03 11:50 1,307,356 --ahs---- c:\windows\system32\ampnlqgl.ini
2008-12-30 20:58 . 2008-12-30 20:58 1,307,941 --ahs---- c:\windows\system32\gbnxnncv.ini
2008-12-30 16:59 . 2008-12-30 17:08 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- C:\VundoFix Backups
2008-12-29 20:55 . 2008-12-30 20:56 1,307,941 --ahs---- c:\windows\system32\ryttriyu.ini
2008-12-29 16:15 . 2008-04-13 19:12 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-29 16:14 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-29 16:14 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-28 23:45 . 2008-12-28 23:45 84 --a------ c:\windows\wininit.ini
2008-12-25 13:15 . 2009-01-14 13:42 <DIR> d-------- c:\program files\PopCap Games
2008-12-17 17:45 . 2008-12-17 17:44 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 17:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 08:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 18:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 18:37 --------- d-----w c:\program files\BestOn
2009-01-15 05:22 --------- d-----w c:\program files\Viewpoint
2009-01-15 05:22 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-15 05:19 --------- d-----w c:\program files\LimeWire
2009-01-14 05:23 --------- d-----w c:\program files\Stardock
2009-01-14 05:23 --------- d-----w c:\program files\Google
2009-01-14 05:23 --------- d-----w c:\program files\Common Files\Skype
2009-01-14 05:23 --------- d-----w c:\documents and settings\XP\Application Data\Apple Computer
2009-01-14 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-13 19:29 --------- d-----w c:\program files\OpenOffice.org 2.4
2009-01-12 00:08 --------- d-----w c:\documents and settings\XP\Application Data\OpenOffice.org2
2009-01-07 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-07 05:33 --------- d-----w c:\program files\YouTube Downloader
2009-01-07 05:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-06 18:22 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 15:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-05 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-05 15:46 --------- d-----w c:\program files\Lavasoft
2009-01-05 13:02 --------- d-----w c:\documents and settings\XP\Application Data\skypePM
2009-01-05 06:00 --------- d-----w c:\documents and settings\XP\Application Data\Symantec
2008-12-27 01:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 03:02 --------- d-----w c:\program files\Java
2008-12-26 02:25 --------- d-----w c:\program files\PConPoint
2008-12-26 02:25 --------- d-----w c:\program files\Audio Editor Gold
2008-12-26 02:23 --------- d-----w c:\program files\Luxor Amun Rising
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 21:52 1,652 ---ha-w C:\aaw7boot.cmd
2008-11-17 21:22 --------- d-----w c:\documents and settings\XP\Application Data\LimeWire
2008-11-17 05:18 --------- d-----w c:\program files\GameTop.com
2008-11-17 05:05 --------- d-----w c:\program files\ReflexiveArcade
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-06-16 17:28 88 --sh--r c:\documents and settings\All Users\Application Data\15046F1358.sys
2008-06-16 17:28 848 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-03-04 17:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-27 02:39 10 ----a-w c:\documents and settings\All Users\Application Data\mmrpplic.dat
2007-10-13 23:59 47,360 ----a-w c:\documents and settings\XP\Application Data\pcouffin.sys
2007-10-07 19:37 1,045,050 ----a-w c:\windows\inf\mydrivers.exe
2007-10-07 19:23 5,893,280 ----a-w c:\windows\inf\SP28818.exe
2007-01-10 06:29 307,200 ----a-w c:\windows\inf\atiiiexx.dll
2007-01-10 06:26 94,208 ----a-w c:\windows\inf\Driver.DLL
2007-01-10 06:26 94,208 ----a-w c:\windows\inf\CPANEL.dll
2007-01-10 06:26 53,248 ----a-w c:\windows\inf\AtiCIM.dll
2007-01-10 06:25 6,144 ----a-w c:\windows\inf\atiicdxx.sys
2007-01-10 06:25 385,024 ----a-w c:\windows\inf\atiicdxx.dll
2007-01-10 06:25 128,512 ----a-w c:\windows\inf\UpdatPnP.exe
2007-01-10 06:25 123,392 ----a-w c:\windows\inf\EnumDev.exe
2007-01-10 06:24 348,160 ----a-w c:\windows\inf\aticds10.dll
2007-01-10 02:15 73,728 ----a-w c:\windows\inf\CheckVer.exe
2007-01-10 02:15 51,712 ----a-w c:\windows\inf\DrvUI64A.exe
2007-01-10 02:15 18,192 ----a-w c:\windows\inf\psapi.dll
2007-01-10 02:15 151,552 ----a-w c:\windows\inf\AtiCim.bin
2007-01-10 02:15 127,488 ----a-w c:\windows\inf\issetup.exe
2007-01-10 02:15 118,784 ----a-w c:\windows\inf\AtiCimUn.exe
2005-07-18 21:09 6,126 ----a-w c:\windows\inf\platform.bin
2005-03-22 17:39 1,616 ----a-w c:\windows\inf\layout.bin
2005-03-22 15:20 286,720 ----a-w c:\windows\inf\SMWDMIF.dll
2005-03-22 15:08 260,224 ----a-w c:\windows\inf\smwdm.sys
2004-11-19 14:00 49,152 ----a-w c:\windows\inf\DSndUp.exe
2004-10-14 18:42 1,404,928 ----a-w c:\windows\inf\SMax4PNP.exe
2004-10-05 20:10 23,040 ----a-w c:\windows\inf\PostProc.dll
2004-09-23 11:55 311,296 ----a-w c:\windows\inf\EDCrypt.DLL
2004-09-17 13:02 732,928 ----a-w c:\windows\inf\senfilt.sys
2004-05-06 18:14 69,632 ----a-w c:\windows\inf\DevInst.dll
2004-04-09 19:48 69,632 ----a-w c:\windows\inf\Instngin.dll
2004-04-09 19:48 36,864 ----a-w c:\windows\inf\IGDIita.dll
2004-04-09 19:48 36,864 ----a-w c:\windows\inf\IGDIfra.dll
2004-04-09 19:48 36,864 ----a-w c:\windows\inf\IGDIdeu.dll
2004-04-09 19:48 32,768 ----a-w c:\windows\inf\IGDItha.dll
2004-04-09 19:48 32,768 ----a-w c:\windows\inf\IGDIptb.dll
2004-04-09 19:48 32,768 ----a-w c:\windows\inf\IGDIesp.dll
2004-04-09 19:48 28,672 ----a-w c:\windows\inf\IGDIkor.dll
2004-04-09 19:48 28,672 ----a-w c:\windows\inf\IGDIjpn.dll
2004-04-09 19:48 24,576 ----a-w c:\windows\inf\IGDIcht.dll
2004-04-09 19:48 24,576 ----a-w c:\windows\inf\IGDIchs.dll
2004-04-09 19:48 147,456 ----a-w c:\windows\inf\Setup.exe
2004-02-10 16:17 681,469 ----a-w c:\windows\inf\ialmnt5.sys
2004-02-10 16:16 739,387 ----a-w c:\windows\inf\ialmdd5.dll
2004-02-10 16:10 61,440 ----a-w c:\windows\inf\ialmcoin.dll
2004-02-10 16:10 49,152 ----a-w c:\windows\inf\ialmrem.dll
2004-02-10 16:10 36,415 ----a-w c:\windows\inf\ialmrnt5.dll
2004-02-10 16:10 103,484 ----a-w c:\windows\inf\ialmdnt5.dll
2004-02-10 16:09 471,040 ----a-w c:\windows\inf\ialmgdev.dll
2004-02-10 16:09 126,651 ----a-w c:\windows\inf\ialmdev5.dll
2004-02-10 16:07 2,273,280 ----a-w c:\windows\inf\ialmgicd.dll
2004-02-10 15:55 94,208 ----a-w c:\windows\inf\igfxext.exe
2008-06-30 18:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-06-16 16:25 56 --sh--r c:\windows\system32\58136F0415.sys
2008-06-16 16:25 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vvvhwh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZ Smileys
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"Apache2"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-05 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-09-06 20608]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2003-10-08 32384]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-11-11 49399]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e10322-ddba-11dc-8289-000cf174ba38}]
\Shell\AutoRun\command - Autorun.exe /run
\Shell\Shell00\Command - Autorun.exe /run
\Shell\Shell01\Command - Autorun.exe /action
\Shell\Shell02\Command - Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

2009-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2009-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1605E833-0245-45B4-B5CE-322D31350100} - (no file)
BHO-{1CF60835-B8CD-4DFF-9B13-3F739D535454} - (no file)
BHO-{25C42611-6E7B-4D08-9CAC-60603D293C37} - (no file)
BHO-{45BD2608-BBF7-40EF-A5F6-34442B552CB1} - (no file)
BHO-{A5AB1499-0EA9-43A4-B33C-2B4F5B93A9CE} - (no file)
BHO-{A6852825-05B6-4710-B84B-8C4D10916DF3} - (no file)
BHO-{BECE422A-5D79-43EE-8171-10ED6B5C6930} - (no file)
BHO-{caccb250-aad2-4f4f-8111-722ed16df578} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
TCP: {7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B} = 208.67.220.220,208.67.222.222
TCP: {A3E012DF-AFED-47D7-AF21-266C09B5A44D} = 208.67.220.220,208.67.222.222
TCP: {AB997EAD-EC2F-422F-83BD-FA4A1DAB0065} = 208.67.220.220,208.67.222.222
TCP: {E0376663-E96E-4BD0-A43A-2AAC2ABEFF70} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\gt72p4cx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 12:14:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-746137067-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B535D464-F6FC-F2B5-3BC6-C31B8224DBCD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eanjdimgjh"=hex:66,61,68,6b,70,6f,69,69,68,64,67,6a,00,31
"dagmadml"=hex:64,62,6a,6f,66,6c,6f,68,61,65,66,69,6a,64,6b,67,66,69,62,6b,70,
64,65,70,68,67,70,67,67,67,67,6b,64,69,67,65,6e,6a,6f,62,00,00
"iafldafdglfeoofpce"=hex:6a,61,61,70,6e,61,6d,6a,69,61,6d,64,6c,6d,70,62,67,6e,
68,66,00,00
"haplfohldfhldcko"=hex:6a,61,61,70,6e,61,6d,6a,69,61,6d,64,6c,6d,70,62,67,6e,
68,66,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fe,fb,77,d3,a8,6c,e4,1e,2b,7c,16,9a,ed,5b,c9,8f,6e,59,c4,80,3a,
6c,31,25,41,cb,28,d7,4d,0f,60,bd,75,c7,21,0a,9d,68,95,b6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b035c620-a6af-438b-ac37-5b185ed7c202}]
@Denied: (Full) (Everyone)
"Model"=dword:00000133
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
Completion time: 2009-01-16 12:19:30
ComboFix-quarantined-files.txt 2009-01-16 17:18:06

Pre-Run: 23,251,689,472 bytes free
Post-Run: 23,470,637,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

377 --- E O F --- 2009-01-16 08:15:49

Last is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:11 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E012DF-AFED-47D7-AF21-266C09B5A44D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB997EAD-EC2F-422F-83BD-FA4A1DAB0065}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376663-E96E-4BD0-A43A-2AAC2ABEFF70}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: vvvhwh.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://ecx.images-amazon.com/images/I/21myoETYozL.jpg

--
End of file - 7039 bytes

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:08:21 PM

Posted 16 January 2009 - 12:48 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
gaopdxserv.sys

Rootkit::
C:\Windows\system32\drivers\gaopdxtoafrqod.sys
C:\Windows\system32\gaopdxoyouoopo.dll

File::
C:\Windows\system32\drivers\gaopdxtoafrqod.sys
C:\Windows\system32\gaopdxoyouoopo.dll
c:\windows\system32\rhrqgmgc.ini
c:\windows\system32\wmwqqsjl.ini
c:\windows\system32\kqkjqigj.ini
c:\windows\system32\dawhbkyk.ini
c:\windows\system32\vgufiarf.ini
c:\windows\system32\odbkjjkq.ini
c:\windows\system32\taxihvtp.ini
c:\windows\system32\rqmonkhk.ini
c:\windows\system32\rglksgdu.ini
c:\windows\system32\xajwlkdx.ini
c:\windows\system32\ampnlqgl.ini
c:\windows\system32\gbnxnncv.ini
c:\windows\system32\ryttriyu.ini
C:\aaw7boot.cmd
c:\windows\Tasks\rpc.job

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\program files\Winferno

RegNull::
[HKEY_USERS\S-1-5-21-583907252-746137067-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B535D464-F6FC-F2B5-3BC6-C31B8224DBCD}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b035c620-a6af-438b-ac37-5b185ed7c202}]


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e10322-ddba-11dc-8289-000cf174ba38}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
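A check a helper would run on the follow-up log, added here as an example (it is not part of this post and not ComboFix's own code): parse the CFScript sections above and the "FILE ::", "Other Deletions" and "Drivers/Services" parts of the resulting ComboFix log, and list anything the script asked to remove that the log does not confirm. The script and log text embedded below are constructed, abbreviated samples in the formats shown in this thread; that ComboFix always echoes the File:: list under "FILE ::" and reports removals under those banners is assumed from this thread's logs.

```python
import re
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # banner: "((( Other Deletions )))"
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$", re.IGNORECASE)

# Constructed, abbreviated CFScript in the format used in the post above.
CFSCRIPT = r"""
KillAll::

Driver::
gaopdxserv.sys

File::
C:\Windows\system32\drivers\gaopdxtoafrqod.sys
C:\Windows\system32\gaopdxoyouoopo.dll
c:\windows\system32\rhrqgmgc.ini
c:\windows\Tasks\rpc.job

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\program files\Winferno
"""
# Constructed, abbreviated ComboFix output in the layout seen in this thread.
COMBOFIX_LOG = r"""
FILE ::
c:\windows\system32\drivers\gaopdxtoafrqod.sys
c:\windows\system32\gaopdxoyouoopo.dll
c:\windows\system32\rhrqgmgc.ini
c:\windows\Tasks\rpc.job
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\windows\system32\rhrqgmgc.ini
c:\windows\Tasks\rpc.job
.
((((((((((((((( Drivers/Services )))))))))))))))
-------\Service_gaopdxserv.sys
.
((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))
2009-01-16 00:08 . 2009-01-16 00:08 250 --a------ c:\windows\gmer.ini
"""

def norm(path):
    return path.strip().rstrip("\\").lower()   # script and log differ only in case

def parse_cfscript(text):
    """Return {section: [items]}; a section starts at a 'Name::' header line."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_combofix_log(text):
    """Collect the echoed FILE :: list, the Other Deletions list and removed services."""
    result = {"echoed": set(), "deleted": set(), "services": set()}
    current = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        if line == "FILE ::":
            current = "echoed"
            continue
        banner = SECTION_RE.match(line)
        if banner:                       # any banner ends the previous section
            current = {"other deletions": "deleted",
                       "drivers/services": "services"}.get(banner.group(1).lower())
            continue
        if current == "services":
            svc = SERVICE_RE.match(line)
            if svc:
                result["services"].add(svc.group(1).lower())
        elif current in ("echoed", "deleted"):
            result[current].add(norm(line))
    return result

def cross_check(script, log):
    """List requested removals that the log does not confirm."""
    deleted = log["deleted"]
    files = [norm(p) for p in script.get("File", [])]
    folders = [norm(p) for p in script.get("Folder", [])]
    drivers = [d.lower() for d in script.get("Driver", [])]
    return {
        "not_echoed": sorted(p for p in files if p not in log["echoed"]),
        "unconfirmed_files": sorted(p for p in files if p not in deleted),
        "unconfirmed_folders": sorted(
            f for f in folders if f not in deleted
            and not any(d.startswith(f + "\\") for d in deleted)),
        "unconfirmed_drivers": sorted(d for d in drivers if d not in log["services"]),
    }

if __name__ == "__main__":
    findings = cross_check(parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG))
    for key, items in findings.items():
        print(f"{key}: {items or 'none'}")
```

On the sample, the two gaopdx files and the Winferno folder come back unconfirmed: they were echoed and the gaopdxserv service was removed, but no deletion line names them, which is exactly the kind of gap a helper checks before declaring a machine clean.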


#7 dakidromeo1

dakidromeo1
  • Topic Starter

  • Members
  • 5 posts
  • Local time:07:21 AM

Posted 16 January 2009 - 01:34 PM

Latest ComboFix log

ComboFix 09-01-15.01 - XP 2009-01-16 13:12:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT -5:00]
Running from: c:\documents and settings\XP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\XP\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *disabled*
* Created a new restore point

FILE ::
C:\aaw7boot.cmd
c:\windows\system32\ampnlqgl.ini
c:\windows\system32\dawhbkyk.ini
c:\windows\system32\drivers\gaopdxtoafrqod.sys
c:\windows\system32\gaopdxoyouoopo.dll
c:\windows\system32\gbnxnncv.ini
c:\windows\system32\kqkjqigj.ini
c:\windows\system32\odbkjjkq.ini
c:\windows\system32\rglksgdu.ini
c:\windows\system32\rhrqgmgc.ini
c:\windows\system32\rqmonkhk.ini
c:\windows\system32\ryttriyu.ini
c:\windows\system32\taxihvtp.ini
c:\windows\system32\vgufiarf.ini
c:\windows\system32\wmwqqsjl.ini
c:\windows\system32\xajwlkdx.ini
c:\windows\Tasks\rpc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aaw7boot.cmd
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\DifXInstall64.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\gearaspiwdmx64.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64\GEARAspi64.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64\GEARAspiWDM.sys
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\windows\system32\ampnlqgl.ini
c:\windows\system32\dawhbkyk.ini
c:\windows\system32\gbnxnncv.ini
c:\windows\system32\kqkjqigj.ini
c:\windows\system32\odbkjjkq.ini
c:\windows\system32\rglksgdu.ini
c:\windows\system32\rhrqgmgc.ini
c:\windows\system32\rqmonkhk.ini
c:\windows\system32\ryttriyu.ini
c:\windows\system32\taxihvtp.ini
c:\windows\system32\vgufiarf.ini
c:\windows\system32\wmwqqsjl.ini
c:\windows\system32\xajwlkdx.ini
c:\windows\Tasks\rpc.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 00:08 . 2009-01-16 00:08 250 --a------ c:\windows\gmer.ini
2009-01-16 00:03 . 2009-01-16 01:55 <DIR> d-------- C:\rsit
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\documents and settings\XP\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 18:01 . 2009-01-15 18:02 <DIR> d-------- c:\program files\particleIllusion_3
2009-01-15 17:19 . 2009-01-15 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3demoLicense
2009-01-15 13:34 . 2009-01-15 13:34 <DIR> d-------- c:\program files\Search Settings
2009-01-14 02:01 . 2009-01-14 02:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3_lic_file
2009-01-14 01:25 . 2009-01-14 01:25 <DIR> d-------- c:\documents and settings\XP\WINDOWS
2009-01-13 14:58 . 2009-01-13 14:58 <DIR> d-------- C:\Intel
2009-01-13 14:58 . 2009-01-13 14:58 <DIR> d-------- C:\Drivers
2009-01-13 14:55 . 2009-01-13 15:00 <DIR> d-------- c:\program files\Intel
2009-01-13 14:55 . 2006-01-12 14:52 1,904 --a------ c:\windows\system32\SetupBD.din
2009-01-13 14:04 . 2009-01-15 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-13 14:01 . 2009-01-13 14:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-13 13:53 . 2009-01-13 13:57 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-13 13:36 . 2009-01-13 15:31 <DIR> d-------- c:\program files\Total Video Converter
2009-01-13 13:32 . 2009-01-13 15:31 7,662,866 --a------ c:\documents and settings\XP\Application Data\tvcnew.exe
2009-01-13 13:25 . 2009-01-13 13:25 <DIR> d-------- c:\program files\Microsoft Works
2009-01-13 13:24 . 2009-01-13 13:24 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-13 13:17 . 2009-01-13 13:17 <DIR> dr-h----- C:\MSOCache
2009-01-12 23:55 . 2009-01-15 16:31 <DIR> d-------- c:\documents and settings\XP\Application Data\Uniblue
2009-01-12 23:54 . 2009-01-15 16:30 <DIR> d-------- c:\program files\Uniblue
2009-01-11 15:21 . 2009-01-11 15:21 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 22:26 . 2009-01-09 22:26 <DIR> d-------- c:\program files\AMT
2009-01-08 02:33 . 2009-01-08 02:33 <DIR> d-------- c:\program files\DownloadToolz
2009-01-07 01:44 . 2009-01-07 01:44 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-07 01:44 . 2009-01-07 01:44 <DIR> d-------- c:\program files\MSBuild
2009-01-07 01:43 . 2009-01-07 01:43 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-07 01:33 . 2009-01-07 01:42 <DIR> d-------- C:\027628da6570972df75978
2009-01-07 01:33 . 2008-07-06 07:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-01-07 01:33 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-07 01:33 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-07 01:33 . 2008-07-06 07:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-01-07 01:33 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-07 01:33 . 2008-07-06 07:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-01-07 01:33 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-06 22:50 . 1998-12-24 20:23 40,960 --a------ c:\windows\system32\VBAME.DLL
2009-01-06 13:25 . 2009-01-06 13:25 <DIR> dr-h----- c:\documents and settings\XP\Application Data\SecuROM
2009-01-06 13:24 . 2009-01-06 13:24 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-05 19:05 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-01-05 19:02 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-01-05 19:02 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-01-05 19:02 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2009-01-05 18:43 . 2009-01-05 18:43 <DIR> d-------- c:\documents and settings\XP\Application Data\Canneverbe_Limited
2009-01-05 12:48 . 2009-01-05 12:48 <DIR> d-------- c:\windows\system32\N360_BACKUP
2009-01-05 10:51 . 2009-01-05 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2009-01-04 21:24 . 2009-01-05 01:56 <DIR> d-------- c:\program files\Norton 360
2009-01-04 21:17 . 2009-01-07 00:54 <DIR> d-------- c:\program files\Symantec
2009-01-04 21:17 . 2009-01-07 00:54 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-04 21:17 . 2009-01-07 00:54 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-04 17:18 . 2009-01-04 17:18 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-04 17:11 . 2009-01-07 00:54 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-04 17:11 . 2009-01-07 00:54 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-30 16:59 . 2008-12-30 17:08 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- C:\VundoFix Backups
2008-12-29 16:15 . 2008-04-13 19:12 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-29 16:14 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-29 16:14 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-28 23:45 . 2008-12-28 23:45 84 --a------ c:\windows\wininit.ini
2008-12-25 13:15 . 2009-01-14 13:42 <DIR> d-------- c:\program files\PopCap Games
2008-12-17 17:45 . 2008-12-17 17:44 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 18:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 08:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 18:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 18:37 --------- d-----w c:\program files\BestOn
2009-01-15 05:22 --------- d-----w c:\program files\Viewpoint
2009-01-15 05:22 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-15 05:19 --------- d-----w c:\program files\LimeWire
2009-01-14 05:23 --------- d-----w c:\program files\Stardock
2009-01-14 05:23 --------- d-----w c:\program files\Google
2009-01-14 05:23 --------- d-----w c:\program files\Common Files\Skype
2009-01-14 05:23 --------- d-----w c:\documents and settings\XP\Application Data\Apple Computer
2009-01-14 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-13 19:29 --------- d-----w c:\program files\OpenOffice.org 2.4
2009-01-12 00:08 --------- d-----w c:\documents and settings\XP\Application Data\OpenOffice.org2
2009-01-07 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-07 05:33 --------- d-----w c:\program files\YouTube Downloader
2009-01-07 05:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-06 18:22 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 15:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-05 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-05 15:46 --------- d-----w c:\program files\Lavasoft
2009-01-05 13:02 --------- d-----w c:\documents and settings\XP\Application Data\skypePM
2009-01-05 06:00 --------- d-----w c:\documents and settings\XP\Application Data\Symantec
2008-12-27 01:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 03:02 --------- d-----w c:\program files\Java
2008-12-26 02:25 --------- d-----w c:\program files\PConPoint
2008-12-26 02:25 --------- d-----w c:\program files\Audio Editor Gold
2008-12-26 02:23 --------- d-----w c:\program files\Luxor Amun Rising
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-17 21:22 --------- d-----w c:\documents and settings\XP\Application Data\LimeWire
2008-11-17 05:18 --------- d-----w c:\program files\GameTop.com
2008-11-17 05:05 --------- d-----w c:\program files\ReflexiveArcade
2008-06-16 17:28 88 --sh--r c:\documents and settings\All Users\Application Data\15046F1358.sys
2008-06-16 17:28 848 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-03-04 17:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-27 02:39 10 ----a-w c:\documents and settings\All Users\Application Data\mmrpplic.dat
2007-10-13 23:59 47,360 ----a-w c:\documents and settings\XP\Application Data\pcouffin.sys
2008-06-30 18:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-06-16 16:25 56 --sh--r c:\windows\system32\58136F0415.sys
2008-06-16 16:25 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-16_12.16.21.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-16 18:17:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_148.dat
+ 2009-01-16 18:17:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"Apache2"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-05 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-09-06 20608]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2003-10-08 32384]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-11-11 49399]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2009-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
TCP: {7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B} = 208.67.220.220,208.67.222.222
TCP: {A3E012DF-AFED-47D7-AF21-266C09B5A44D} = 208.67.220.220,208.67.222.222
TCP: {AB997EAD-EC2F-422F-83BD-FA4A1DAB0065} = 208.67.220.220,208.67.222.222
TCP: {E0376663-E96E-4BD0-A43A-2AAC2ABEFF70} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\gt72p4cx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 13:23:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-16 13:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 18:28:00
ComboFix2.txt 2009-01-16 17:19:32

Pre-Run: 23,466,590,208 bytes free
Post-Run: 23,342,010,368 bytes free

304 --- E O F --- 2009-01-16 08:15:49

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:59 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7770A3DA-63B4-4AEB-BBB6-924D50CD6B4B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E012DF-AFED-47D7-AF21-266C09B5A44D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB997EAD-EC2F-422F-83BD-FA4A1DAB0065}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376663-E96E-4BD0-A43A-2AAC2ABEFF70}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://ecx.images-amazon.com/images/I/21myoETYozL.jpg

--
End of file - 7276 bytes

#8 fenzodahl512 (Members, 6,738 posts)

Posted 16 January 2009 - 01:37 PM

Looks good.. Let's do an online scan to make sure we got them all...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 dakidromeo1 (Topic Starter, Members, 5 posts)

Posted 17 January 2009 - 12:31 AM

Here is the ESET scan log



# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3772 (20090116)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=dfc7c2592ed3bf46b3107f8024fc2848
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-17 05:24:16
# local_time=2009-01-17 12:24:16 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=190207
# found=7
# scan_time=3480
C:\Documents and Settings\XP\My Documents\Flash Drive Software\Final_Uninstaller_2.1.1_PORTABLE.rar multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\XP\My Documents\Flash Drive Software\Final_Uninstaller_2.1.1_PORTABLE.rar »RAR »Final_Uninstaller_2.1.1_PORTABLE\Final Uninstaller 2.1.1 PORTABLE\crack_zsAWz.exe Win32/Adware.Virtumonde application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\XP\My Documents\Flash Drive Software\Final_Uninstaller_2.1.1_PORTABLE.rar »RAR »Final_Uninstaller_2.1.1_PORTABLE\Final Uninstaller 2.1.1 PORTABLE\keygen_ultra.zip a variant of Win32/Adware.IeDefender.NIC application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\XP\My Documents\Flash Drive Software\Final_Uninstaller_2.1.1_PORTABLE.rar »RAR »Final_Uninstaller_2.1.1_PORTABLE\Final Uninstaller 2.1.1 PORTABLE\keygen_ultra.zip »ZIP »keygen_ultra.exe a variant of Win32/Adware.IeDefender.NIC application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\XP\Shared\nelly furtado - Promiscuous girl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) A71A7EDEAC1CEEE4B5B945973DBB0447
C:\Program Files\Search Settings\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ConTest.dll Win32/Adware.Ascentive application (unable to clean - deleted) 00000000000000000000000000000000
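
A small triage helper for the ESET Online Scanner log format posted above, added here as an example and not part of the original post or of ESET's tooling: it parses the header and detection lines, groups archive members (the »RAR »/»ZIP » entries) under their on-disk container so that "was a part of the deleted object" is read as removed, and lists what still needs follow-up. The sample log, its paths and its hash are constructed, and the path/detection split is a heuristic assumption about the format.

```python
import re
from dataclasses import dataclass
# Constructed sample in the ESET Online Scanner log layout seen in the thread:
# '# key=value' header lines, then one detection per line shaped as
# '<path> <detection> (<action>) <32 hex chars>'. Paths/hash are placeholders.
SAMPLE_LOG = r"""# version=4
# end=finished
# remove_checked=true
# found=5
C:\Users\demo\Downloads\tool_portable.rar multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Users\demo\Downloads\tool_portable.rar »RAR »tool portable\crack.exe Win32/Adware.Virtumonde application (error while cleaning - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\demo\Downloads\tool_portable.rar »RAR »tool portable\keygen.zip »ZIP »keygen.exe a variant of Win32/Adware.Example application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\demo\Music\song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) ABCDEF0123456789ABCDEF0123456789
C:\Windows\system32\leftover.dll Win32/Adware.Example application (error while deleting) 00000000000000000000000000000000
"""

@dataclass
class Detection:
    path: str       # full path as logged, including »RAR »/»ZIP » nesting
    container: str  # outermost on-disk file (the archive for nested hits)
    depth: int      # 0 for a plain file, +1 per archive level
    name: str       # detection name, e.g. 'a variant of Win32/...'
    action: str     # text inside the parentheses
    sha: str        # 32-hex field; all zeros means no hash was recorded

    @property
    def removed(self) -> bool:
        # Gone from disk: cleaned/deleted directly, or the parent archive was
        # deleted (ESET cannot delete one member of an archive on its own).
        return (self.action == "cleaned" or self.action.endswith("deleted")
                or "was a part of the deleted object" in self.action)

LINE_RE = re.compile(r"^(?P<left>.+) \((?P<action>[^()]*)\) (?P<sha>[0-9A-Fa-f]{32})$")
# Heuristic (an assumption about the format) for splitting '<path> <detection>':
# the detection is the trailing 'a variant of ...', 'multiple infiltrations' or
# a '<platform>/<family>' token plus an optional category word.
NAME_RE = re.compile(r"^(?P<path>.+?) (?P<name>(?:(?:probably )?a variant of )?"
                     r"(?:multiple infiltrations|\S+/\S+(?: \w+)?))$")
NEST_RE = re.compile(r" »[A-Z0-9]+ »")  # archive-member separator

def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one ESET log."""
    header, hits = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = LINE_RE.match(line)
        n = NAME_RE.match(m["left"]) if m else None
        if not n:
            raise ValueError(f"unrecognised detection line: {line!r}")
        parts = NEST_RE.split(n["path"])
        hits.append(Detection(n["path"], parts[0], len(parts) - 1,
                              n["name"], m["action"], m["sha"].upper()))
    return header, hits

def triage(text: str) -> dict:
    """Did the scan finish, what was hit, how much sat in archives, what remains."""
    header, hits = parse_eset_log(text)
    return {"finished": header.get("end") == "finished",
            "found": int(header.get("found", len(hits))),
            "containers": sorted({h.container for h in hits}),
            "nested": sum(h.depth > 0 for h in hits),
            "pending": [h.path for h in hits if not h.removed]}
```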

#10 fenzodahl512 (Members, 6,738 posts)

Posted 17 January 2009 - 02:38 AM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512
