
Please Help With Trojan BHO Trojan Vundo & Trojan Agent


  • This topic is locked
10 replies to this topic

#1 HARLEMWORLD


Posted 14 January 2009 - 08:18 PM

I don't know how I got all three of these trojans on my computer, but I've tried everything to remove them and they just keep coming back. I used Windows Defender and Symantec AntiVirus but they don't find anything. The only thing that helps is Malwarebytes Anti-Malware; it finds and eliminates the trojans, but they just pop back up the next day.
They make my computer real slow; it takes forever just to open the internet and it's driving me crazy. Please help.
Here is my DDS.txt log, and thanks in advance.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Luis Ocampo at 20:01:53.56 on Wed 01/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.352 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Luis Ocampo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {0722f0e9-729a-6bfb-bc14-4153ce3341b2}: {2b1433ec-3514-41cb-bfb6-a9279e0f2270} - c:\windows\system32\hdsucd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - No File
BHO: {a59e3d3d-4528-468e-a977-53e9fa98a70c} - c:\windows\system32\xxyxYsPi.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {be8b65e0-d993-4c18-a5d6-9fb86be8017a} - c:\windows\system32\muhemive.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [ares ultra] c:\program files\ares ultra\Ares Ultra.exe -h
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NewsUpd] c:\program files\creative\news\NewsUpd.EXE /q
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mamosaluse] Rundll32.exe "c:\windows\system32\rijedatu.dll",s
mRun: [8c7c873e] rundll32.exe "c:\windows\system32\vajoneyo.dll",b
mRun: [CPM8f4fb4a2] Rundll32.exe "c:\windows\system32\renayoli.dll",a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\winfax~2.lnk - c:\windows\system32\wfxsnt40.exe
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\winfax~1.lnk - c:\program files\symantec\winfax\wfxctl32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Filter: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} -
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\vegozadi.dll c:\windows\system32\jahomayo.dll c:\windows\system32\renayoli.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\renayoli.dll
STS: {fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c} - No File
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\renayoli.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyxYsPi
LSA: Notification Packages = scecli c:\windows\system32\vegozadi.dll c:\windows\system32\jahomayo.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-19 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081212.004\naveng.sys [2008-12-12 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081212.004\navex15.sys [2008-12-12 876112]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-2-10 99248]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-30 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

=============== Created Last 30 ================

2009-01-14 16:03 <DIR> --d----- C:\CODE_NAME_THE_CLEANER_V3
2009-01-14 13:47 1,318,334 ---sh--- c:\windows\system32\oyenojav.ini
2009-01-14 13:47 131,684 a--sh--- c:\windows\system32\hdsucd.dll
2009-01-14 00:52 131,916 a--sh--- c:\windows\system32\fzqwlg.dll
2009-01-13 12:53 131,876 a--sh--- c:\windows\system32\jcbmay.dll
2009-01-13 00:42 131,766 a--sh--- c:\windows\system32\toqoeh.dll
2009-01-12 13:23 131,706 a------- c:\windows\system32\uatrsh.dll
2009-01-05 12:55 1,262,157 ---sh--- c:\windows\system32\asudevin.ini
2009-01-01 04:00 1,085,440 a------- c:\windows\system32\rn.tmp
2008-12-22 23:49 271,319 a------- c:\windows\system32\a.exe
2008-12-21 21:35 1,603,449 ---sh--- c:\windows\system32\uhiyozey.ini
2008-12-20 21:23 <DIR> --dsh--- C:\found.001
2008-12-18 22:35 <DIR> --d----- c:\docume~1\luisoc~1\applic~1\Malwarebytes
2008-12-17 12:40 1,603,844 ---sh--- c:\windows\system32\itogurif.ini
2008-12-16 23:16 1,646,211 ---sh--- c:\windows\system32\mniecxrf.ini
2008-12-16 23:13 888,996 a--sh--- c:\windows\system32\iPsYxyxx.ini2
2008-12-16 23:13 888,996 a--sh--- c:\windows\system32\iPsYxyxx.ini
2008-12-16 23:08 70,144 a------- c:\windows\system32\fccdddEW.dll

==================== Find3M ====================

2009-01-14 13:47 87,842 a--sh--- c:\windows\system32\vajoneyo.dll
2009-01-14 13:46 131,684 a--sh--- c:\windows\system32\doluwuhi.dll
2009-01-14 13:46 101,532 a--sh--- c:\windows\system32\renayoli.dll
2009-01-14 00:52 131,916 a--sh--- c:\windows\system32\zagubura.dll
2009-01-14 00:52 99,648 a--sh--- c:\windows\system32\besohaki.dll
2009-01-13 12:53 131,876 a--sh--- c:\windows\system32\nunoloje.dll
2009-01-13 12:53 100,047 a--sh--- c:\windows\system32\mohasobi.dll
2009-01-13 00:42 131,766 a--sh--- c:\windows\system32\divosimu.dll
2009-01-13 00:42 100,082 a--sh--- c:\windows\system32\nefavega.dll
2009-01-12 13:23 131,706 a------- c:\windows\system32\jebufijo.dll
2009-01-12 13:23 100,424 a------- c:\windows\system32\pimimoso.dll
2009-01-12 11:43 63,640 a--sh--- c:\windows\system32\piwagali.dll
2009-01-10 19:07 105,783 a--sh--- c:\windows\system32\dogumivu.dll
2009-01-09 22:32 104,710 a--sh--- c:\windows\system32\yimipivu.dll
2009-01-09 21:33 102,057 a--sh--- c:\windows\system32\febudipi.dll
2009-01-09 21:33 66,702 a--sh--- c:\windows\system32\sebiniha.dll
2009-01-08 19:30 103,215 a--sh--- c:\windows\system32\kefuzego.dll
2009-01-08 12:49 67,851 a--sh--- c:\windows\system32\vabofoka.dll
2009-01-08 12:49 102,181 a--sh--- c:\windows\system32\majubilu.dll
2009-01-07 19:53 104,652 a--sh--- c:\windows\system32\hulifeki.dll
2009-01-06 13:32 102,013 a--sh--- c:\windows\system32\davafuhu.dll
2009-01-06 13:32 68,380 a--sh--- c:\windows\system32\dozepiwa.dll
2009-01-06 01:32 98,069 a--sh--- c:\windows\system32\hatasefa.dll
2009-01-05 12:55 99,066 a--sh--- c:\windows\system32\gojobeju.dll
2009-01-02 11:12 97,079 a--sh--- c:\windows\system32\raganapo.dll
2009-01-01 15:49 96,939 a--sh--- c:\windows\system32\suzusede.dll
2009-01-01 02:06 100,582 a--sh--- c:\windows\system32\nonabefa.dll
2008-12-31 14:03 61,626 a--sh--- c:\windows\system32\dowikabu.dll
2008-12-31 14:03 99,030 a--sh--- c:\windows\system32\vuvimuwe.dll
2008-12-28 22:16 99,451 a--sh--- c:\windows\system32\kehitulo.dll
2008-12-28 08:31 99,084 a--sh--- c:\windows\system32\mekawiba.dll
2008-12-28 00:29 61,100 a--sh--- c:\windows\system32\javinete.dll
2008-12-27 01:37 97,966 a--sh--- c:\windows\system32\feyimupa.dll
2008-12-26 12:46 96,544 a--sh--- c:\windows\system32\tumaveko.dll
2008-12-26 00:47 95,914 a--sh--- c:\windows\system32\rehotiza.dll
2008-12-24 22:11 99,103 a--sh--- c:\windows\system32\wujeluhe.dll
2008-12-24 10:11 99,097 a--sh--- c:\windows\system32\visujowo.dll
2008-12-23 13:08 96,482 a--sh--- c:\windows\system32\sibimemo.dll
2008-12-23 13:08 61,577 a--sh--- c:\windows\system32\kopuwiro.dll
2008-12-22 18:35 95,882 a--sh--- c:\windows\system32\rewuguti.dll
2008-12-21 21:35 97,889 a--sh--- c:\windows\system32\sufokiyu.dll
2008-12-20 20:36 98,015 a--sh--- c:\windows\system32\fumupofo.dll
2008-12-19 23:51 94,894 a--sh--- c:\windows\system32\lujetifi.dll
2008-12-19 11:51 95,956 a--sh--- c:\windows\system32\yapipije.dll
2008-12-18 15:51 95,982 a--sh--- c:\windows\system32\towozoha.dll
2008-12-17 12:40 93,758 a--sh--- c:\windows\system32\gazeyuha.dll
2008-12-17 00:06 94,904 a--sh--- c:\windows\system32\dukotova.dll
2008-12-17 00:06 62,672 a--sh--- c:\windows\system32\wuhomuro.dll
2008-12-08 21:47 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-08-23 23:27 3,813 a------- c:\documents and settings\all users\test.exe
2008-01-08 20:35 87,608 a------- c:\docume~1\luisoc~1\applic~1\inst.exe
2008-01-08 20:35 47,360 a------- c:\docume~1\luisoc~1\applic~1\pcouffin.sys
2007-05-09 20:58 81,920 a------- c:\docume~1\luisoc~1\applic~1\ezpinst.exe
0000-00-00 00:00 64,512 a--sh--- c:\windows\system32\boyesofo.dll
2008-09-28 00:29 61,100 a--sh--- c:\windows\system32\dezifamu.dll
2008-09-28 00:29 61,100 a--sh--- c:\windows\system32\duwedeba.dll
2008-09-28 00:29 95,744 a--sh--- c:\windows\system32\duweweba.dll
0000-00-00 00:00 63,640 a--sh--- c:\windows\system32\jahomayo.dll
2008-09-28 00:29 61,100 a--sh--- c:\windows\system32\puvutabo.dll
2008-09-30 15:07 61,507 a--sh--- c:\windows\system32\vegozadi(2).dll
0000-00-00 00:00 28,672 a--sh--- c:\windows\system32\zejohavu.dll
2008-09-19 14:28 32,768 a--sh--- c:\windows\temp\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 20:02:51.20 ===============

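As an added triage example (not part of this post or of the DDS tool): a small Python script that scans DDS "Pseudo HJT Report" and file-listing lines for the persistence points visible in the log above, namely BHOs with no friendly name, rundll32 Run entries with one-letter exports, AppInit_DLLs, LSA packages beyond the XP defaults, SSODL entries and hidden+system files dropped into system32. The sample lines are constructed from entries in the posted log; the rule names and thresholds are my own assumptions, not anything DDS or the helpers define.

```python
import re

# Constructed sample, modelled on lines from the DDS log posted above.
SAMPLE_DDS = r"""
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {0722f0e9-729a-6bfb-bc14-4153ce3341b2}: {2b1433ec-3514-41cb-bfb6-a9279e0f2270} - c:\windows\system32\hdsucd.dll
BHO: {a59e3d3d-4528-468e-a977-53e9fa98a70c} - c:\windows\system32\xxyxYsPi.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mamosaluse] Rundll32.exe "c:\windows\system32\rijedatu.dll",s
mRun: [8c7c873e] rundll32.exe "c:\windows\system32\vajoneyo.dll",b
AppInit_DLLs: c:\windows\system32\vegozadi.dll c:\windows\system32\jahomayo.dll c:\windows\system32\renayoli.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\renayoli.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyxYsPi
LSA: Notification Packages = scecli c:\windows\system32\vegozadi.dll c:\windows\system32\jahomayo.dll
2009-01-14 13:47 87,842 a--sh--- c:\windows\system32\vajoneyo.dll
2009-01-14 13:47 1,318,334 ---sh--- c:\windows\system32\oyenojav.ini
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
"""

# Windows XP defaults for the two LSA package lists; anything extra is suspect.
LSA_DEFAULTS = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
}

RE_UNNAMED_BHO = re.compile(r"^BHO:\s*\{[0-9a-f-]{36}\}", re.IGNORECASE)
RE_RUNDLL = re.compile(
    r'^[umd]Run:\s*\[[^\]]*\]\s*rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)\s*$',
    re.IGNORECASE,
)
RE_APPINIT = re.compile(r"^AppInit_DLLs:\s*(\S.*)$")
RE_SSODL = re.compile(r"^SSODL:\s*(.*?)\s*-\s*\{[^}]+\}\s*-\s*(.+)$")
RE_LSA = re.compile(r"^LSA:\s*(Authentication Packages|Notification Packages)\s*=\s*(.*)$")
RE_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
# Eight lowercase letters + .dll is the naming pattern of the droppers in this
# log; on its own it is a weak signal (winspool.dll matches too), so it is only
# used together with a suspicious load point.
RE_RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")


def basename(path):
    return path.rstrip().rsplit("\\", 1)[-1]


def triage_dds(text):
    """Return a list of {"rule": ..., "detail": ...} findings for DDS log text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_UNNAMED_BHO.match(line):
            # A BHO with no friendly name, or a GUID as its name; legitimate
            # toolbars register a readable name.
            findings.append({"rule": "unnamed_bho", "detail": line.rsplit(" - ", 1)[-1]})
            continue
        m = RE_RUNDLL.match(line)
        if m:
            dll, export = m.groups()
            # Run entries calling rundll32 on a DLL with a one-letter export
            # (",s", ",b", ",a"); NvCpl.dll,NvStartup is a normal vendor entry.
            if len(export) <= 2 or RE_RANDOM_DLL.match(basename(dll)):
                findings.append({"rule": "rundll32_run", "detail": dll})
            continue
        m = RE_APPINIT.match(line)
        if m:
            # AppInit_DLLs is loaded into every user32-linked process; a
            # non-empty value on a workstation nearly always merits a look.
            for dll in m.group(1).split():
                findings.append({"rule": "appinit_dll", "detail": dll})
            continue
        m = RE_SSODL.match(line)
        if m:
            _name, path = m.groups()
            if RE_RANDOM_DLL.match(basename(path)):
                findings.append({"rule": "ssodl", "detail": path})
            continue
        m = RE_LSA.match(line)
        if m:
            key, value = m.groups()
            for pkg in value.split():
                if pkg not in LSA_DEFAULTS[key]:
                    findings.append({"rule": "lsa_extra_package", "detail": pkg})
            continue
        m = RE_FILE.match(line)
        if m:
            attrs, path = m.groups()
            # Hidden+system files written into system32 in the scan window.
            if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
                findings.append({"rule": "hidden_system_file", "detail": path})
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {"appinit_dll": 3, ...}."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f['rule']:20s} {f['detail']}")
    print(summarize(triage_dds(SAMPLE_DDS)))
```

Run against a full DDS.txt the script lists the load points a manual review would start from; it is a reading aid, not a cleaner, and every hit still needs a human to confirm.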





#2 fenzodahl512


Posted 16 January 2009 - 04:26 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 HARLEMWORLD


Posted 16 January 2009 - 10:16 PM

Thanks for the reply.
Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 3

1/16/2009 8:31:22 PM
mbam-log-2009-01-16 (20-31-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 156944
Time elapsed: 2 hour(s), 24 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 18
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 55

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sofapohe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hdsucd.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b1433ec-3514-41cb-bfb6-a9279e0f2270} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b1433ec-3514-41cb-bfb6-a9279e0f2270} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be8b65e0-d993-4c18-a5d6-9fb86be8017a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be8b65e0-d993-4c18-a5d6-9fb86be8017a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b1433ec-3514-41cb-bfb6-a9279e0f2270} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c7c873e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm8f4fb4a2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mamosaluse (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5q4j0ep87 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hdsucd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sofapohe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ehopafos.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vajoneyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyenojav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}\RP2\A0000235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}\RP2\A0000236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}\RP7\A0008941.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}(2)\RP61\A0038543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}(2)\RP62\A0038557.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F427552-E910-49D6-8E37-D9412791D57A}(2)\RP62\A0038558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feyimupa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fumupofo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fzqwlg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcbmay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jebufijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kehitulo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mekawiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pimimoso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rewuguti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sibimemo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sufokiyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weziroze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\doluwuhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duweweba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mohasobi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\toqoeh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\towozoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rehotiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\renayoli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boyesofo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wujeluhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxafbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nunoloje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yapipije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zagubura.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zejohavu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tumaveko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uatrsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divosimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujetifi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\visujowo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP00000045B6FE1098894613F0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp12.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp14.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp37.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sebiniha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gojobeju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuhomuro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\davafuhu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hulifeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dozepiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dezifamu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Here's the RSIT log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Luis Ocampo at 2009-01-16 20:38:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (3%) free of 305 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:59 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Luis Ocampo\Desktop\RSIT.exe
C:\Program Files\trend micro\Luis Ocampo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {A59E3D3D-4528-468E-A977-53E9FA98A70C} - C:\WINDOWS\system32\xxyxYsPi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] C:\Program Files\Ares Ultra\Ares Ultra.exe -h
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe
O4 - Startup: WinFax PRO Controller.lnk = C:\Program Files\Symantec\WinFax\wfxctl32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177792628156
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Filter hijack: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\vegozadi.dll,C:\WINDOWS\system32\vabuzano.dll c:\windows\system32\zabunego.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 12953 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\fzrhktqp.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan for Luis Ocampo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A59E3D3D-4528-468E-A977-53E9FA98A70C}]
C:\WINDOWS\system32\xxyxYsPi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-31 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-31 2403392]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-06-10 245760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-06-15 124656]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NewsUpd"=C:\Program Files\Creative\News\NewsUpd.EXE [2000-08-04 44032]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
"lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-04-29 158624]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-15 153136]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-07 149040]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"ares ultra"=C:\Program Files\Ares Ultra\Ares Ultra.exe -h []
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-06-10 785520]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe [2005-02-25 212992]
"NvMediaCenter"=C:\WINDOWS\system32\NVMCTRAY.DLL [2003-10-06 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Documents and Settings\Luis Ocampo\Start Menu\Programs\Startup
WinFax Application Port Starter.lnk - C:\WINDOWS\system32\wfxsnt40.exe
WinFax PRO Controller.lnk - C:\Program Files\Symantec\WinFax\wfxctl32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vegozadi.dll,C:\WINDOWS\system32\vabuzano.dll c:\windows\system32\zabunego.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyxYsPi
"notification packages"=scecli
C:\WINDOWS\system32\vegozadi.dll
C:\WINDOWS\system32\vabuzano.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Documents and Settings\Luis Ocampo\My Documents\Ares\Ares.exe"="C:\Documents and Settings\Luis Ocampo\My Documents\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Luis Ocampo\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\Luis Ocampo\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Symantec\WinFax\wfxctl32.exe"="C:\Program Files\Symantec\WinFax\wfxctl32.exe:*:Enabled:wfxctl32"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Creative\News\NewsUpd.exe"="C:\Program Files\Creative\News\NewsUpd.exe:*:Enabled:NewsUpd"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zijaputa.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yudegoku.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yimipivu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vuvimuwe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vutojisi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vabofoka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\teteripe.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\suzusede.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rawuyona.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\raganapo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\piwagali.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pakurowe.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nonabefa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nefavega.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mepawadi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\majubilu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lofiketo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kiganopo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kefuzego.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jonotama.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jazejumi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jahomayo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hatasefa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\febudipi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dudeheru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dowikabu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dogumivu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bolanefi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\besohaki.dll
2009-01-16 20:38:51 ----D---- C:\rsit
2009-01-16 20:38:51 ----D---- C:\Program Files\trend micro
2009-01-15 22:10:56 ----A---- C:\WINDOWS\system32\cygdcjom.exe
2009-01-15 22:09:26 ----SH---- C:\WINDOWS\system32\idiyiwel.ini
2009-01-14 16:03:47 ----D---- C:\CODE_NAME_THE_CLEANER_V3
2009-01-14 01:50:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-05 12:55:38 ----SH---- C:\WINDOWS\system32\asudevin.ini
2008-12-29 01:12:08 ----A---- C:\VundoFix.txt
2008-12-21 21:35:53 ----SH---- C:\WINDOWS\system32\uhiyozey.ini
2008-12-20 21:23:25 ----SHD---- C:\found.001
2008-12-18 22:35:55 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Malwarebytes
2008-12-17 12:40:59 ----SH---- C:\WINDOWS\system32\itogurif.ini
2008-12-16 23:16:49 ----SH---- C:\WINDOWS\system32\mniecxrf.ini
2008-12-16 23:14:41 ----A---- C:\WINDOWS\system32\875f4340-.txt
2008-12-16 23:13:46 ----ASH---- C:\WINDOWS\system32\iPsYxyxx.ini2
2008-12-16 23:13:45 ----ASH---- C:\WINDOWS\system32\iPsYxyxx.ini
2008-12-16 23:08:37 ----A---- C:\WINDOWS\system32\fccdddEW.dll
2008-12-14 16:32:12 ----D---- C:\WINDOWS\system32\Adobe
2008-12-12 13:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 13:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 13:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 13:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 21:49:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-08 21:49:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-08 21:49:19 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-08 21:49:19 ----A---- C:\WINDOWS\system32\java.exe
2008-11-24 11:42:39 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 11:38:46 ----D---- C:\Program Files\QuickTime
2008-11-17 21:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 21:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 19:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-17 17:21:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-17 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-11-17 15:29:17 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Snapfish
2008-11-17 15:27:13 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Simple Star
2008-11-17 15:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-17 15:22:17 ----N---- C:\WINDOWS\UNAheadManual.exe
2008-11-17 15:18:47 ----D---- C:\Program Files\Ahead
2008-11-02 16:13:06 ----D---- C:\Program Files\Common Files\LightScribe
2008-10-23 19:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-16 20:38:59 ----D---- C:\WINDOWS\Prefetch
2009-01-16 20:38:51 ----RD---- C:\Program Files
2009-01-16 20:37:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-16 20:37:07 ----SD---- C:\WINDOWS\Tasks
2009-01-16 20:35:30 ----A---- C:\WINDOWS\win.ini
2009-01-16 20:34:37 ----D---- C:\WINDOWS\Temp
2009-01-16 20:33:18 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 20:33:18 ----D---- C:\WINDOWS\system32
2009-01-16 20:33:18 ----D---- C:\WINDOWS
2009-01-16 20:32:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-16 17:18:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-16 00:37:54 ----D---- C:\Program Files\iTunes
2009-01-15 22:10:19 ----D---- C:\Program Files\Google
2009-01-14 18:42:00 ----D---- C:\Program Files\Lx_cats
2009-01-14 16:46:27 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-09 00:43:07 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\LimeWire
2009-01-02 01:56:16 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
2008-12-30 15:30:07 ----D---- C:\WINDOWS\system32\config
2008-12-30 15:29:20 ----D---- C:\WINDOWS\system32\wbem
2008-12-30 15:29:19 ----D---- C:\WINDOWS\Registration
2008-12-28 23:58:51 ----SHD---- C:\System Volume Information
2008-12-28 23:58:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-28 00:29:09 ----ASH---- C:\WINDOWS\system32\javinete.dll
2008-12-26 23:19:04 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\1ClickDVDCopy
2008-12-23 13:08:23 ----ASH---- C:\WINDOWS\system32\kopuwiro.dll
2008-12-21 20:58:27 ----SH---- C:\boot.ini
2008-12-21 20:58:27 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-20 21:06:37 ----SHD---- C:\WINDOWS\Installer
2008-12-20 21:05:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 21:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-19 12:05:16 ----D---- C:\WINDOWS\Help
2008-12-18 23:43:37 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-12-17 12:40:51 ----ASH---- C:\WINDOWS\system32\gazeyuha.dll
2008-12-17 00:06:55 ----ASH---- C:\WINDOWS\system32\dukotova.dll
2008-12-16 23:06:14 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-16 11:30:33 ----HD---- C:\WINDOWS\inf
2008-12-12 13:06:34 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 13:06:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 13:06:25 ----D---- C:\Program Files\Internet Explorer
2008-12-12 13:06:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-08 21:47:02 ----D---- C:\Program Files\Java
2008-11-24 11:42:44 ----D---- C:\Program Files\iPod
2008-11-24 11:42:42 ----D---- C:\Program Files\Common Files\Apple
2008-11-24 11:31:59 ----D---- C:\Program Files\Safari
2008-11-20 15:38:13 ----A---- C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt
2008-11-17 21:11:14 ----D---- C:\WINDOWS\WinSxS
2008-11-17 19:02:09 ----D---- C:\Program Files\AIM6
2008-11-17 19:00:55 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-17 19:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-17 15:36:24 ----D---- C:\Program Files\Common Files\Ahead
2008-11-17 15:33:26 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-17 15:27:13 ----D---- C:\Program Files\Nero
2008-11-17 15:27:12 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Ahead
2008-11-17 15:20:35 ----D---- C:\Program Files\Common Files\Nero
2008-11-07 15:40:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 16:13:06 ----D---- C:\Program Files\Common Files
2008-11-02 08:33:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2002-08-20 1175536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2002-08-20 170499]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-08 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-08-20 604240]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.exe [1999-12-13 44032]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-07 271920]
S2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [1997-04-30 90112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-31 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-07 779824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------


Here's the RSIT info.txt


info.txt logfile of random's system information tool 1.05 2009-01-16 20:39:03

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\CTMixer.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\Keytar\Keytar.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\PlayCenter\Player.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Audio2K\WaveStudio\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->C:\WINDOWS\UNAheadManual.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 5.0.3.5-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
1Click DVDTOIPOD 1.1.1.6-->"C:\Program Files\LG Software Innovations\1Click DVDTOIPOD\unins000.exe"
Active@ File Recovery 7.1-->C:\Documents and Settings\Luis Ocampo\My Documents\Active File Recovery\UNWISE.EXE C:\Documents and Settings\Luis Ocampo\My Documents\Active File Recovery\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
All Media Fixer 8.2-->"C:\Program Files\All Media Fixer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASF-AVI-RM-WMV Repair 1.82-->"C:\Program Files\ASF-AVI-RM-WMV Repair\unins000.exe"
Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
Boggle-->"C:\Program Files\Oberon Media\Boggle\Uninstall.exe" "C:\Program Files\Oberon Media\Boggle\install.log"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CD LabelMaker-->C:\Program Files\Memorex\CD LabelMaker\uninstall.exe CD LabelMaker
Conexant SmartHSFi V92 56K DF PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
DatPiff Downloader (remove only)-->"C:\Program Files\DatPiff\DatPiff Downloader\uninstall.exe"
Dcads Games Collection-->C:\Program Files\Dcads Games Collection\uninstall.exe
Dell AIO Printer A920-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dr. DivX 2.0 OSS-->C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Documents and Settings\Luis Ocampo\My Documents\DVD Shrink\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
ffdshow [rev 610] [2006-12-01]-->"C:\Documents and Settings\Luis Ocampo\My Documents\My Music\iTunes\GUI\ffdshow\unins000.exe"
Freeze Clip Art-->"C:\PROGRA~1\Freeze Clip Art\UNINSTAL.EXE"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iGadget 2.0.4.0-->"C:\Program Files\Purple Ghost\iGadget\unins000.exe"
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2005-11-17-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Media Studio 1.0-->C:\PROGRA~1\Makayama.com\IPODME~1\Setup.exe /remove /q0
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_80379b\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire PRO 4.18.8-->"C:\Documents and Settings\Luis Ocampo\My Documents\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Studio for iPod® and iPhone® 3.5.1 demo-->C:\PROGRA~1\Makayama.com\MEDIAS~1\Setup.exe /remove /q0
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials-->MsiExec.exe /X{E11BD6A7-5046-4D25-ABCB-386A54F71033}
Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Recover My iPod-->"C:\Program Files\GetData\Recover My iPod\unins000.exe"
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sound Blaster 16 PCI-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Symantec AntiVirus-->MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VirtualLab Client 5.5.15-->"C:\Program Files\BinaryBiz\VirtualLab5\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFax PRO-->C:\WINDOWS\WFUNINST.EXE /PWinFax /V7.0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
YoutubeGet 4-->"C:\Program Files\YoutubeGet\unins000.exe"
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: Symantec AntiVirus Corporate Edition

System event log

Computer Name: LUISO
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 6257
Source Name: Service Control Manager
Time Written: 20081231140309.000000-300
Event Type: information
User:

Computer Name: LUISO
Event Code: 7000
Message: The WinFax PRO service failed to start due to the following error:
The service did not start due to a logon failure.


Record Number: 6256
Source Name: Service Control Manager
Time Written: 20081231140309.000000-300
Event Type: error
User:

Computer Name: LUISO
Event Code: 7038
Message: The wfxsvc service was unable to log on as .\Luis Ocampo with the currently configured
password due to the following error:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.


To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Record Number: 6255
Source Name: Service Control Manager
Time Written: 20081231140309.000000-300
Event Type: error
User:

Computer Name: LUISO
Event Code: 7023
Message: The HID Input Service service terminated with the following error:
The specified module could not be found.


Record Number: 6254
Source Name: Service Control Manager
Time Written: 20081231140309.000000-300
Event Type: error
User:

Computer Name: LUISO
Event Code: 35
Message: The time service is now synchronizing the system time with the time
source time.windows.com (ntp.m|0x1|192.168.1.106:123->207.46.197.32:123).

Record Number: 6253
Source Name: W32Time
Time Written: 20081231140258.000000-300
Event Type: information
User:

Application event log

Computer Name: LUISO
Event Code: 0
Message:
Record Number: 32095
Source Name: Viewpoint Manager Service
Time Written: 20081208141854.000000-300
Event Type: information
User:

Computer Name: LUISO
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 32094
Source Name: LightScribeService
Time Written: 20081208141843.000000-300
Event Type: information
User:

Computer Name: LUISO
Event Code: 1
Message:
Record Number: 32093
Source Name: Bonjour Service
Time Written: 20081208141836.000000-300
Event Type: information
User:

Computer Name: LUISO
Event Code: 105
Message: The service was started.

Record Number: 32092
Source Name: Creative Service for CDROM Access
Time Written: 20081208141835.000000-300
Event Type: information
User:

Computer Name: LUISO
Event Code: 35
Message: The 'Symantec Event Manager' service has started.

Record Number: 32091
Source Name: ccEvtMgr
Time Written: 20081208141824.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 AM

Posted 17 January 2009 - 02:28 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)
4. Ask Toolbar




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {A59E3D3D-4528-468E-A977-53E9FA98A70C} - C:\WINDOWS\system32\xxyxYsPi.dll (file missing)
O18 - Filter hijack: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\vegozadi.dll,C:\WINDOWS\system32\vabuzano.dll c:\windows\system32\zabunego.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    c:\windows\system32\zejohavu.dll
    c:\windows\system32\jahomayo.dll
    c:\windows\system32\boyesofo.dll
    C:\WINDOWS\tasks\fzrhktqp.job
    C:\WINDOWS\system32\xxyxYsPi.dll
    C:\WINDOWS\system32\msiebbar.dll
    C:\WINDOWS\system32\vegozadi.dll
    C:\WINDOWS\system32\vabuzano.dll
    c:\windows\system32\zabunego.dll
    C:\WINDOWS\system32\zijaputa.dll.tmp
    C:\WINDOWS\system32\yudegoku.dll.tmp
    C:\WINDOWS\system32\yimipivu.dll
    C:\WINDOWS\system32\vuvimuwe.dll
    C:\WINDOWS\system32\vutojisi.dll
    C:\WINDOWS\system32\vabofoka.dll
    C:\WINDOWS\system32\teteripe.dll.tmp
    C:\WINDOWS\system32\suzusede.dll
    C:\WINDOWS\system32\rawuyona.dll.tmp
    C:\WINDOWS\system32\raganapo.dll
    C:\WINDOWS\system32\piwagali.dll
    C:\WINDOWS\system32\pakurowe.dll.tmp
    C:\WINDOWS\system32\nonabefa.dll
    C:\WINDOWS\system32\nefavega.dll
    C:\WINDOWS\system32\mepawadi.dll.tmp
    C:\WINDOWS\system32\majubilu.dll
    C:\WINDOWS\system32\lofiketo.dll.tmp
    C:\WINDOWS\system32\kiganopo.dll.tmp
    C:\WINDOWS\system32\kefuzego.dll
    C:\WINDOWS\system32\jonotama.dll.tmp
    C:\WINDOWS\system32\jazejumi.dll.tmp
    C:\WINDOWS\system32\jahomayo.dll.tmp
    C:\WINDOWS\system32\hatasefa.dll
    C:\WINDOWS\system32\febudipi.dll
    C:\WINDOWS\system32\dudeheru.dll
    C:\WINDOWS\system32\dowikabu.dll
    C:\WINDOWS\system32\dogumivu.dll
    C:\WINDOWS\system32\bolanefi.dll.tmp
    C:\WINDOWS\system32\besohaki.dll
    C:\WINDOWS\system32\cygdcjom.exe
    C:\WINDOWS\system32\idiyiwel.ini
    C:\WINDOWS\system32\asudevin.ini
    C:\WINDOWS\system32\uhiyozey.ini
    C:\WINDOWS\system32\itogurif.ini
    C:\WINDOWS\system32\mniecxrf.ini
    C:\WINDOWS\system32\875f4340-.txt
    C:\WINDOWS\system32\iPsYxyxx.ini2
    C:\WINDOWS\system32\iPsYxyxx.ini
    C:\WINDOWS\system32\fccdddEW.dll
    C:\WINDOWS\system32\javinete.dll
    C:\WINDOWS\system32\kopuwiro.dll
    C:\WINDOWS\system32\gazeyuha.dll
    C:\WINDOWS\system32\dukotova.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A59E3D3D-4528-468E-A977-53E9FA98A70C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT and then DDS again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt
3. DDS.txt

Edited by fenzodahl512, 17 January 2009 - 02:30 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
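A defender-side companion to the OTMoveIt3 script above, added here as an example (it is not code from this thread or from OTMoveIt3, RSIT or HijackThis). It decodes the `hex(7)` REG_MULTI_SZ values the script writes back under the Lsa key, so a reader can see exactly which packages it restores, and it triages HijackThis-style lines of the kind posted in this thread for the load points this infection abused: BHOs, rundll32 Run entries, MIME filter hijacks, AppInit_DLLs, Winlogon Notify, SSODL and SharedTaskScheduler. The `KNOWN_GOOD` allowlist and the sample lines (copied from the logs in this thread, with the AppInit_DLLs value shortened to three entries) are constructed for the example.

```python
"""Triage for the load points targeted by the OTMoveIt3 script above.

Added example; not part of the BleepingComputer thread or of the tools it uses.
"""
import re

# Matches c:\windows\system32\<name>.dll, case-insensitively (paths in the
# logs appear in mixed case).
SYS32_DLL = re.compile(r'c:\\windows\\system32\\([^\\\s"]+)\.dll', re.IGNORECASE)

# Constructed allowlist: system32 DLLs that legitimately sit at these load
# points on the machine in this thread (Nvidia, Symantec, WGA, WPD). Extend per host.
KNOWN_GOOD = {"nvcpl", "navlogon", "wgalogon", "wpdshserviceobj"}

# Load points where a system32 DLL outside the allowlist deserves a look.
LOADPOINT_PREFIXES = (
    "O2 - BHO:",
    "O18 - Filter hijack:",
    "O20 - Winlogon Notify:",
    "O21 - SSODL:",
    "O22 - SharedTaskScheduler:",
)


def decode_hex7(value):
    """Decode an OTMoveIt3 'hex(7):..' REG_MULTI_SZ into its list of strings.

    The script above writes one byte per character; the strings are
    NUL-separated and the list ends with an empty string, dropped here.
    """
    payload = value.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return [s for s in raw.decode("latin-1").split("\0") if s]


def lsa_extras(observed, expected):
    """Entries in an observed LSA package list that are not in the baseline."""
    return [p for p in observed if p not in expected]


def triage_hjt(lines):
    """Return (load point, path) pairs for entries worth a closer look."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is loaded into every process that links
            # user32; on a clean XP install the value is empty.
            hits += [("AppInit_DLLs", m.group(0)) for m in SYS32_DLL.finditer(line)]
        elif line.startswith("O4 - ") and "rundll32" in line.lower():
            # Run entries that start a system32 DLL through rundll32.
            m = SYS32_DLL.search(line)
            if m and m.group(1).lower() not in KNOWN_GOOD:
                hits.append(("Run (rundll32)", m.group(0)))
        elif line.startswith(LOADPOINT_PREFIXES):
            tag = line.split(":", 1)[0].split(" - ", 1)[1]
            m = SYS32_DLL.search(line)
            dangling = "(no name)" in line or "(file missing)" in line
            if dangling or (m and m.group(1).lower() not in KNOWN_GOOD):
                hits.append((tag, m.group(0) if m else line.rsplit(" - ", 1)[-1]))
    return hits


def distinct_dlls(hits):
    """Sorted, lower-cased basenames of the flagged DLLs (one line per file to check)."""
    return sorted({path.rsplit("\\", 1)[-1].lower() for _, path in hits})


# Constructed sample: lines from the HijackThis section of the RSIT log in
# this thread, AppInit_DLLs shortened to three entries.
SAMPLE_HJT = [
    r"O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll",
    r"O2 - BHO: (no name) - {115CEF11-6B02-4DA0-A5B3-B991577C026F} - C:\WINDOWS\system32\awttsQHY.dll",
    r"O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O2 - BHO: {398b3e63-0be1-d3e8-1f74-9c1f91eb7269} - {9627be19-f1c9-47f1-8e3d-1eb036e3b893} - C:\WINDOWS\system32\bvccbn.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [mamosaluse] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s',
    r"O18 - Filter hijack: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} - C:\WINDOWS\system32\msiebbar.dll",
    r"O20 - AppInit_DLLs: c:\windows\system32\jabohatu.dll c:\windows\system32\vuvimuwe.dll c:\windows\system32\febudipi.dll",
    r"O20 - Winlogon Notify: awtSiJaw - C:\WINDOWS\SYSTEM32\awtSiJaw.dll",
    r"O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll",
    r"O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll",
]

if __name__ == "__main__":
    # The two values the script above writes back under ...\Control\Lsa.
    print("Authentication Packages ->", decode_hex7("hex(7):6d,73,76,31,5f,30,00,00"))
    print("Notification Packages   ->", decode_hex7("hex(7):73,63,65,63,6c,69,00,00"))
    for tag, path in triage_hjt(SAMPLE_HJT):
        print(f"{tag:20} {path}")
    print("files to check:", ", ".join(distinct_dlls(SAMPLE_HJT and triage_hjt(SAMPLE_HJT))))
```

A hit is a lead, not a verdict: the script only says that a load point which is normally empty or points at well-known vendor files now points at a DLL it does not recognise. The same DLL showing up at several load points (as `jabohatu.dll` does under SSODL, SharedTaskScheduler and AppInit_DLLs here) is the pattern worth comparing against the file list the helper put in the `:files` section.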


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 AM

Posted 26 January 2009 - 06:41 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 AM

Posted 26 January 2009 - 11:13 PM

Reopen as per user request.. Be advised that I will be unavailable from 28 Jan until 2 Feb...

Post the requested logs please..



#7 HARLEMWORLD

HARLEMWORLD
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:43 PM

Posted 27 January 2009 - 08:08 PM

Thanks again,
but I could not find these entries in the HijackThis program:
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {A59E3D3D-4528-468E-A977-53E9FA98A70C} - C:\WINDOWS\system32\xxyxYsPi.dll (file missing)
but I found the other 2.

Okay, here is the OTMoveIt3 log:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\windows\system32\zejohavu.dll not found.
File/Folder c:\windows\system32\jahomayo.dll not found.
File/Folder c:\windows\system32\boyesofo.dll not found.
File/Folder C:\WINDOWS\tasks\fzrhktqp.job not found.
File/Folder C:\WINDOWS\system32\xxyxYsPi.dll not found.
File/Folder C:\WINDOWS\system32\msiebbar.dll not found.
File/Folder C:\WINDOWS\system32\vegozadi.dll not found.
File/Folder C:\WINDOWS\system32\vabuzano.dll not found.
File/Folder c:\windows\system32\zabunego.dll not found.
File/Folder C:\WINDOWS\system32\zijaputa.dll.tmp not found.
File/Folder C:\WINDOWS\system32\yudegoku.dll.tmp not found.
File/Folder C:\WINDOWS\system32\yimipivu.dll not found.
File/Folder C:\WINDOWS\system32\vuvimuwe.dll not found.
File/Folder C:\WINDOWS\system32\vutojisi.dll not found.
File/Folder C:\WINDOWS\system32\vabofoka.dll not found.
File/Folder C:\WINDOWS\system32\teteripe.dll.tmp not found.
File/Folder C:\WINDOWS\system32\suzusede.dll not found.
File/Folder C:\WINDOWS\system32\rawuyona.dll.tmp not found.
File/Folder C:\WINDOWS\system32\raganapo.dll not found.
File/Folder C:\WINDOWS\system32\piwagali.dll not found.
File/Folder C:\WINDOWS\system32\pakurowe.dll.tmp not found.
File/Folder C:\WINDOWS\system32\nonabefa.dll not found.
File/Folder C:\WINDOWS\system32\nefavega.dll not found.
File/Folder C:\WINDOWS\system32\mepawadi.dll.tmp not found.
File/Folder C:\WINDOWS\system32\majubilu.dll not found.
File/Folder C:\WINDOWS\system32\lofiketo.dll.tmp not found.
File/Folder C:\WINDOWS\system32\kiganopo.dll.tmp not found.
File/Folder C:\WINDOWS\system32\kefuzego.dll not found.
File/Folder C:\WINDOWS\system32\jonotama.dll.tmp not found.
File/Folder C:\WINDOWS\system32\jazejumi.dll.tmp not found.
File/Folder C:\WINDOWS\system32\jahomayo.dll.tmp not found.
File/Folder C:\WINDOWS\system32\hatasefa.dll not found.
File/Folder C:\WINDOWS\system32\febudipi.dll not found.
File/Folder C:\WINDOWS\system32\dudeheru.dll not found.
File/Folder C:\WINDOWS\system32\dowikabu.dll not found.
File/Folder C:\WINDOWS\system32\dogumivu.dll not found.
File/Folder C:\WINDOWS\system32\bolanefi.dll.tmp not found.
File/Folder C:\WINDOWS\system32\besohaki.dll not found.
File/Folder C:\WINDOWS\system32\cygdcjom.exe not found.
File/Folder C:\WINDOWS\system32\idiyiwel.ini not found.
File/Folder C:\WINDOWS\system32\asudevin.ini not found.
File/Folder C:\WINDOWS\system32\uhiyozey.ini not found.
File/Folder C:\WINDOWS\system32\itogurif.ini not found.
File/Folder C:\WINDOWS\system32\mniecxrf.ini not found.
File/Folder C:\WINDOWS\system32\875f4340-.txt not found.
File/Folder C:\WINDOWS\system32\iPsYxyxx.ini2 not found.
File/Folder C:\WINDOWS\system32\iPsYxyxx.ini not found.
File/Folder C:\WINDOWS\system32\fccdddEW.dll not found.
File/Folder C:\WINDOWS\system32\javinete.dll not found.
File/Folder C:\WINDOWS\system32\kopuwiro.dll not found.
File/Folder C:\WINDOWS\system32\gazeyuha.dll not found.
File/Folder C:\WINDOWS\system32\dukotova.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A59E3D3D-4528-468E-A977-53E9FA98A70C}\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LUISOC~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000AD8022C346F17D03E6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000620166F5AF32CE4DB0B scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_192950

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\LUISOC~1\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\LUISOC~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\LUISOC~1\LOCALS~1\Temp\IadHide5.dll moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat not found!
File C:\WINDOWS\temp\TMP000000AD8022C346F17D03E6 not found!
File C:\WINDOWS\temp\TMP00000620166F5AF32CE4DB0B not found!


Here is the RSIT log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Luis Ocampo at 2009-01-27 19:58:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (8%) free of 305 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:48 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Luis Ocampo\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Luis Ocampo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {115CEF11-6B02-4DA0-A5B3-B991577C026F} - C:\WINDOWS\system32\awttsQHY.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtSiJaw.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {398b3e63-0be1-d3e8-1f74-9c1f91eb7269} - {9627be19-f1c9-47f1-8e3d-1eb036e3b893} - C:\WINDOWS\system32\bvccbn.dll
O2 - BHO: (no name) - {be8b65e0-d993-4c18-a5d6-9fb86be8017a} - C:\WINDOWS\system32\zavisomu.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mamosaluse] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s
O4 - HKLM\..\Run: [CPM8f4fb4a2] Rundll32.exe "c:\windows\system32\jabohatu.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] C:\Program Files\Ares Ultra\Ares Ultra.exe -h
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [mamosaluse] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mamosaluse] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe
O4 - Startup: WinFax PRO Controller.lnk = C:\Program Files\Symantec\WinFax\wfxctl32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177792628156
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Filter hijack: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: c:\windows\system32\jabohatu.dll c:\windows\system32\vuvimuwe.dll c:\windows\system32\febudipi.dll c:\windows\system32\besohaki.dll c:\windows\system32\dukotova.dll c:\windows\system32\yimipivu.dll c:\windows\system32\raganapo.dll c:\windows\system32\hatasefa.dll c:\windows\system32\suzusede.dll c:\windows\system32\nonabefa.dll c:\windows\system32\kefuzego.dll c:\windows\system32\majubilu.dll c:\windows\system32\dogumivu.dll c:\windows\system32\nefavega.dll c:\windows\system32\gazeyuha.dll c:\windows\system32\vutojisi.dll
O20 - Winlogon Notify: awtSiJaw - C:\WINDOWS\SYSTEM32\awtSiJaw.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 13863 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan for Luis Ocampo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{115CEF11-6B02-4DA0-A5B3-B991577C026F}]
C:\WINDOWS\system32\awttsQHY.dll [2009-01-22 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\awtSiJaw.dll [2009-01-22 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9627be19-f1c9-47f1-8e3d-1eb036e3b893}]
C:\WINDOWS\system32\bvccbn.dll [2009-01-26 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be8b65e0-d993-4c18-a5d6-9fb86be8017a}]
C:\WINDOWS\system32\zavisomu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-06-15 124656]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NewsUpd"=C:\Program Files\Creative\News\NewsUpd.EXE [2000-08-04 44032]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
"lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-04-29 158624]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-15 153136]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-20 366400]
"mamosaluse"=C:\WINDOWS\system32\vupivino.dll []
"CPM8f4fb4a2"=c:\windows\system32\jabohatu.dll [2009-01-22 100591]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-07 149040]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"ares ultra"=C:\Program Files\Ares Ultra\Ares Ultra.exe -h []
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-06-10 785520]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe [2005-02-25 212992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Documents and Settings\Luis Ocampo\Start Menu\Programs\Startup
Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Luis Ocampo\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
WinFax Application Port Starter.lnk - C:\WINDOWS\system32\wfxsnt40.exe
WinFax PRO Controller.lnk - C:\Program Files\Symantec\WinFax\wfxctl32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\jabohatu.dll c:\windows\system32\vuvimuwe.dll c:\windows\system32\febudipi.dll c:\windows\system32\besohaki.dll c:\windows\system32\dukotova.dll c:\windows\system32\yimipivu.dll c:\windows\system32\raganapo.dll c:\windows\system32\hatasefa.dll c:\windows\system32\suzusede.dll c:\windows\system32\nonabefa.dll c:\windows\system32\kefuzego.dll c:\windows\system32\majubilu.dll c:\windows\system32\dogumivu.dll c:\windows\system32\nefavega.dll c:\windows\system32\gazeyuha.dll c:\windows\system32\vutojisi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtSiJaw]
C:\WINDOWS\system32\awtSiJaw.dll [2009-01-22 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll [2009-01-22 100591]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll [2009-01-22 100591]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\awtSiJaw.dll [2009-01-22 36352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\awttsQHY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Documents and Settings\Luis Ocampo\My Documents\Ares\Ares.exe"="C:\Documents and Settings\Luis Ocampo\My Documents\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Luis Ocampo\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\Luis Ocampo\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Symantec\WinFax\wfxctl32.exe"="C:\Program Files\Symantec\WinFax\wfxctl32.exe:*:Enabled:wfxctl32"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: "
"C:\Program Files\Creative\News\NewsUpd.exe"="C:\Program Files\Creative\News\NewsUpd.exe:*:Enabled:NewsUpd"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{827f7a5d-e675-11dd-a23b-0007e9e9ae2f}]
shell\AutoRun\command - D:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\danuzihi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ravezula.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pikunuri.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jabohatu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\foyorere.dll
2009-01-27 19:21:33 ----D---- C:\_OTMoveIt
2009-01-26 22:18:59 ----SH---- C:\WINDOWS\system32\usoaosrr.ini
2009-01-26 22:18:53 ----A---- C:\WINDOWS\system32\rrsoaosu.dll
2009-01-26 22:17:09 ----A---- C:\WINDOWS\system32\bvccbn.dll
2009-01-26 22:17:02 ----A---- C:\WINDOWS\system32\lgntdahl.dll
2009-01-25 22:12:04 ----SH---- C:\WINDOWS\system32\vccqalxp.ini
2009-01-25 22:11:56 ----A---- C:\WINDOWS\system32\pxlaqccv.dll
2009-01-25 22:10:44 ----A---- C:\WINDOWS\system32\aweuan.dll
2009-01-25 22:10:42 ----A---- C:\WINDOWS\system32\pdlbeuqk.dll
2009-01-24 23:00:14 ----D---- C:\AITOR
2009-01-24 19:34:16 ----A---- C:\WINDOWS\system32\fsnxlj.dll
2009-01-24 19:34:07 ----A---- C:\WINDOWS\system32\ctibmskt.dll
2009-01-24 19:32:01 ----SH---- C:\WINDOWS\system32\ybapfwpd.ini
2009-01-24 19:32:00 ----A---- C:\WINDOWS\system32\dpwfpaby.dll
2009-01-23 18:51:45 ----SH---- C:\WINDOWS\system32\yydvudia.ini
2009-01-23 18:51:43 ----A---- C:\WINDOWS\system32\ryoowf.dll
2009-01-23 18:51:42 ----A---- C:\WINDOWS\system32\uepsmdbc.dll
2009-01-23 02:13:36 ----A---- C:\WINDOWS\system32\rqRLcBqN.dll
2009-01-23 02:10:53 ----A---- C:\WINDOWS\system32\mcrh.tmp
2009-01-22 18:50:56 ----A---- C:\WINDOWS\system32\retbht.dll
2009-01-22 18:50:55 ----A---- C:\WINDOWS\system32\mxyjxlpb.dll
2009-01-22 18:49:13 ----SH---- C:\WINDOWS\system32\ospbxdmx.ini
2009-01-22 18:49:12 ----A---- C:\WINDOWS\system32\xmdxbpso.dll
2009-01-22 18:47:55 ----ASH---- C:\WINDOWS\system32\YHQsttwa.ini2
2009-01-22 18:47:55 ----ASH---- C:\WINDOWS\system32\YHQsttwa.ini
2009-01-22 18:47:51 ----A---- C:\WINDOWS\system32\awttsQHY.dll
2009-01-22 18:43:31 ----A---- C:\WINDOWS\system32\pmnoOGyx.dll
2009-01-22 18:42:33 ----A---- C:\WINDOWS\system32\awtSiJaw.dll
2009-01-22 14:05:44 ----SH---- C:\WINDOWS\system32\elikuyar.ini
2009-01-22 14:05:26 ----ASH---- C:\WINDOWS\system32\ckdkwr.dll
2009-01-20 20:00:22 ----SH---- C:\WINDOWS\system32\ihizunad.ini
2009-01-20 20:00:20 ----ASH---- C:\WINDOWS\system32\dupzwi.dll
2009-01-19 17:40:27 ----D---- C:\CODE_NAME_THE_CLEANER_V3
2009-01-19 17:22:10 ----HD---- C:\_Memeo
2009-01-19 17:16:50 ----D---- C:\Program Files\Picasa2
2009-01-19 17:14:13 ----D---- C:\Program Files\Western Digital
2009-01-19 17:12:23 ----D---- C:\Program Files\Memeo
2009-01-19 17:12:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Memeo
2009-01-19 17:11:35 ----D---- C:\Program Files\Western Digital Technologies
2009-01-16 20:39:59 ----A---- C:\WINDOWS\gmer.ini
2009-01-16 20:39:57 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-16 20:39:57 ----A---- C:\WINDOWS\gmer.exe
2009-01-16 20:39:57 ----A---- C:\WINDOWS\gmer.dll
2009-01-16 20:38:51 ----D---- C:\rsit
2009-01-16 20:38:51 ----D---- C:\Program Files\trend micro
2009-01-14 01:50:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 01:12:08 ----A---- C:\VundoFix.txt
2008-12-20 21:23:25 ----SHD---- C:\found.001
2008-12-18 22:35:55 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Malwarebytes
2008-12-14 16:32:12 ----D---- C:\WINDOWS\system32\Adobe
2008-12-12 13:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 13:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 13:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 13:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 21:49:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-08 21:49:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-08 21:49:19 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-08 21:49:19 ----A---- C:\WINDOWS\system32\java.exe
2008-11-24 11:42:39 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 11:38:46 ----D---- C:\Program Files\QuickTime
2008-11-17 21:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 21:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 19:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-17 17:21:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-17 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-11-17 15:29:17 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Snapfish
2008-11-17 15:27:13 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Simple Star
2008-11-17 15:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-17 15:22:17 ----N---- C:\WINDOWS\UNAheadManual.exe
2008-11-17 15:18:47 ----D---- C:\Program Files\Ahead
2008-11-02 16:13:06 ----D---- C:\Program Files\Common Files\LightScribe

======List of files/folders modified in the last 3 months======

2009-01-27 19:58:21 ----D---- C:\WINDOWS\Prefetch
2009-01-27 19:50:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-27 19:49:53 ----A---- C:\WINDOWS\win.ini
2009-01-27 19:49:07 ----SD---- C:\WINDOWS\Tasks
2009-01-27 19:48:04 ----D---- C:\WINDOWS\Temp
2009-01-27 19:44:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-27 19:22:32 ----D---- C:\WINDOWS\system32
2009-01-27 11:01:06 ----D---- C:\Program Files\Google
2009-01-26 22:28:54 ----SHD---- C:\WINDOWS\Installer
2009-01-26 22:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-24 22:21:48 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-24 10:44:36 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\LimeWire
2009-01-23 22:09:22 ----RD---- C:\Program Files
2009-01-23 22:09:22 ----D---- C:\Program Files\AskTBar
2009-01-23 01:19:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-23 00:07:05 ----D---- C:\Program Files\iTunes
2009-01-22 19:56:48 ----D---- C:\Program Files\Lx_cats
2009-01-19 17:14:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-19 17:13:42 ----D---- C:\Program Files\Common Files\eSellerate
2009-01-19 17:11:36 ----SD---- C:\Documents and Settings\Luis Ocampo\Application Data\Microsoft
2009-01-16 20:39:59 ----D---- C:\WINDOWS
2009-01-16 20:39:57 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 17:18:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 01:56:16 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
2008-12-30 15:30:07 ----D---- C:\WINDOWS\system32\config
2008-12-30 15:29:20 ----D---- C:\WINDOWS\system32\wbem
2008-12-30 15:29:19 ----D---- C:\WINDOWS\Registration
2008-12-28 23:58:51 ----SHD---- C:\System Volume Information
2008-12-28 23:58:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-26 23:19:04 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\1ClickDVDCopy
2008-12-21 20:58:27 ----SH---- C:\boot.ini
2008-12-21 20:58:27 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-20 21:05:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 21:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-19 12:05:16 ----D---- C:\WINDOWS\Help
2008-12-18 23:43:37 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-12-16 23:06:14 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-16 11:30:33 ----HD---- C:\WINDOWS\inf
2008-12-12 13:06:34 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 13:06:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 13:06:25 ----D---- C:\Program Files\Internet Explorer
2008-12-12 13:06:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-08 21:47:02 ----D---- C:\Program Files\Java
2008-11-24 11:42:44 ----D---- C:\Program Files\iPod
2008-11-24 11:42:42 ----D---- C:\Program Files\Common Files\Apple
2008-11-24 11:31:59 ----D---- C:\Program Files\Safari
2008-11-20 15:38:13 ----A---- C:\WINDOWS\ModemLog_Conexant SmartHSFi V92 56K DF PCI Modem.txt
2008-11-17 21:11:14 ----D---- C:\WINDOWS\WinSxS
2008-11-17 19:02:09 ----D---- C:\Program Files\AIM6
2008-11-17 19:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-17 15:36:24 ----D---- C:\Program Files\Common Files\Ahead
2008-11-17 15:33:26 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-17 15:27:13 ----D---- C:\Program Files\Nero
2008-11-17 15:27:12 ----D---- C:\Documents and Settings\Luis Ocampo\Application Data\Ahead
2008-11-17 15:20:35 ----D---- C:\Program Files\Common Files\Nero
2008-11-07 15:40:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 16:13:06 ----D---- C:\Program Files\Common Files
2008-11-02 08:33:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2002-08-20 1175536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2002-08-20 170499]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-08 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-08-20 604240]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-16 85969]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.exe [1999-12-13 44032]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-07 271920]
S2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [1997-04-30 90112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-31 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-07 779824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------


Here is the DDS.txt:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Luis Ocampo at 19:59:15.92 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.417 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Luis Ocampo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {115cef11-6b02-4da0-a5b3-b991577c026f} - c:\windows\system32\awttsQHY.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSiJaw.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {398b3e63-0be1-d3e8-1f74-9c1f91eb7269}: {9627be19-f1c9-47f1-8e3d-1eb036e3b893} - c:\windows\system32\bvccbn.dll
BHO: {be8b65e0-d993-4c18-a5d6-9fb86be8017a} - c:\windows\system32\zavisomu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [ares ultra] c:\program files\ares ultra\Ares Ultra.exe -h
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NewsUpd] c:\program files\creative\news\NewsUpd.EXE /q
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [mamosaluse] Rundll32.exe "c:\windows\system32\vupivino.dll",s
mRun: [CPM8f4fb4a2] Rundll32.exe "c:\windows\system32\jabohatu.dll",a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\luisoc~1\applic~1\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\memeoa~2.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\winfax~2.lnk - c:\windows\system32\wfxsnt40.exe
StartupFolder: c:\docume~1\luisoc~1\startm~1\programs\startup\winfax~1.lnk - c:\program files\symantec\winfax\wfxctl32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Filter: text/html - {4524b296-b1c5-4ef9-b6e9-788e2f12dcb6} -
Notify: awtSiJaw - awtSiJaw.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\jabohatu.dll c:\windows\system32\vuvimuwe.dll c:\windows\system32\febudipi.dll c:\windows\system32\besohaki.dll c:\windows\system32\dukotova.dll c:\windows\system32\yimipivu.dll c:\windows\system32\raganapo.dll c:\windows\system32\hatasefa.dll c:\windows\system32\suzusede.dll c:\windows\system32\nonabefa.dll c:\windows\system32\kefuzego.dll c:\windows\system32\majubilu.dll c:\windows\system32\dogumivu.dll c:\windows\system32\nefavega.dll c:\windows\system32\gazeyuha.dll c:\windows\system32\vutojisi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohatu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jabohatu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSiJaw.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awttsQHY

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-19 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081212.004\naveng.sys [2008-12-12 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081212.004\navex15.sys [2008-12-12 876112]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-2-10 99248]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

=============== Created Last 30 ================

2009-01-27 19:21 <DIR> --d----- C:\_OTMoveIt
2009-01-26 22:18 1,515,551 ---sh--- c:\windows\system32\usoaosrr.ini
2009-01-26 22:18 72,704 a------- c:\windows\system32\rrsoaosu.dll
2009-01-26 22:17 129,024 a------- c:\windows\system32\bvccbn.dll
2009-01-26 22:17 129,024 a------- c:\windows\system32\lgntdahl.dll
2009-01-25 22:12 1,434,951 ---sh--- c:\windows\system32\vccqalxp.ini
2009-01-25 22:11 72,704 a------- c:\windows\system32\pxlaqccv.dll
2009-01-25 22:10 129,024 a------- c:\windows\system32\aweuan.dll
2009-01-25 22:10 129,024 a------- c:\windows\system32\pdlbeuqk.dll
2009-01-24 23:00 <DIR> --d----- C:\AITOR
2009-01-24 19:34 129,024 a------- c:\windows\system32\fsnxlj.dll
2009-01-24 19:34 129,024 a------- c:\windows\system32\ctibmskt.dll
2009-01-24 19:32 1,434,960 ---sh--- c:\windows\system32\ybapfwpd.ini
2009-01-24 19:32 72,704 a------- c:\windows\system32\dpwfpaby.dll
2009-01-23 18:51 1,434,951 ---sh--- c:\windows\system32\yydvudia.ini
2009-01-23 18:51 129,024 a------- c:\windows\system32\ryoowf.dll
2009-01-23 18:51 129,024 a------- c:\windows\system32\uepsmdbc.dll
2009-01-23 02:13 36,352 a------- c:\windows\system32\rqRLcBqN.dll
2009-01-23 02:10 143 a------- c:\windows\system32\mcrh.tmp
2009-01-22 18:50 129,024 a------- c:\windows\system32\retbht.dll
2009-01-22 18:50 129,024 a------- c:\windows\system32\mxyjxlpb.dll
2009-01-22 18:49 1,434,626 ---sh--- c:\windows\system32\ospbxdmx.ini
2009-01-22 18:49 72,704 a------- c:\windows\system32\xmdxbpso.dll
2009-01-22 18:47 39,084 a--sh--- c:\windows\system32\YHQsttwa.ini2
2009-01-22 18:47 39,084 a--sh--- c:\windows\system32\YHQsttwa.ini
2009-01-22 18:47 302,592 a------- c:\windows\system32\awttsQHY.dll
2009-01-22 18:43 36,352 a------- c:\windows\system32\pmnoOGyx.dll
2009-01-22 18:42 36,352 a------- c:\windows\system32\awtSiJaw.dll
2009-01-22 14:05 1,385,215 ---sh--- c:\windows\system32\elikuyar.ini
2009-01-22 14:05 134,285 a--sh--- c:\windows\system32\ckdkwr.dll
2009-01-20 20:00 1,385,206 ---sh--- c:\windows\system32\ihizunad.ini
2009-01-20 20:00 133,300 a--sh--- c:\windows\system32\dupzwi.dll
2009-01-19 17:40 <DIR> --d----- C:\CODE_NAME_THE_CLEANER_V3
2009-01-19 17:22 <DIR> --d-h--- C:\_Memeo
2009-01-19 17:16 <DIR> --d----- c:\program files\Picasa2
2009-01-19 17:14 <DIR> --d----- c:\program files\Western Digital
2009-01-19 17:12 <DIR> --d----- c:\program files\Memeo
2009-01-19 17:12 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\Memeo
2009-01-19 17:11 <DIR> --d----- c:\program files\Western Digital Technologies
2009-01-16 20:39 250 a------- c:\windows\gmer.ini
2009-01-16 20:38 <DIR> --d----- c:\program files\trend micro

==================== Find3M ====================

2009-01-22 14:05 134,285 a--sh--- c:\windows\system32\foyorere.dll
2009-01-22 14:05 100,591 a--sh--- c:\windows\system32\jabohatu.dll
2009-01-20 20:00 133,300 a--sh--- c:\windows\system32\ravezula.dll
2009-01-20 20:00 100,078 a--sh--- c:\windows\system32\pikunuri.dll
2009-01-20 20:00 87,299 -------- c:\windows\system32\danuzihi.dll
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-08 21:47 410,984 a------- c:\windows\system32\deploytk.dll
2008-08-23 23:27 3,813 a------- c:\documents and settings\all users\test.exe
2008-01-08 20:35 87,608 a------- c:\docume~1\luisoc~1\applic~1\inst.exe
2008-01-08 20:35 47,360 a------- c:\docume~1\luisoc~1\applic~1\pcouffin.sys
2007-05-09 20:58 81,920 a------- c:\docume~1\luisoc~1\applic~1\ezpinst.exe
2008-09-28 00:29 61,100 a--sh--- c:\windows\system32\duwedeba.dll
2008-09-28 00:29 61,100 a--sh--- c:\windows\system32\puvutabo.dll
2008-09-30 15:07 61,507 a--sh--- c:\windows\system32\vegozadi(2).dll

============= FINISH: 20:00:14.39 ===============

and I will attach the other DDS log

Attached Files
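One thing a responder would want to pull out of a DDS log like the one above is the file-name pattern it shows: several hidden+system `.ini` files in system32 whose name spelled backwards is a `.dll` created in the same minute (usoaosrr.ini / rrsoaosu.dll, vccqalxp.ini / pxlaqccv.dll, YHQsttwa.ini / awttsQHY.dll), alongside other hidden+system DLLs. The following Python is an added example, not part of the original post or of the DDS tool: it parses lines in the "Created Last 30" / "Find3M" format and flags those two patterns. The sample lines are constructed from entries in the log plus a benign gmer.ini and a directory entry for contrast; the helper names (`parse_dds`, `find_reversed_pairs`, `hidden_system_dlls`) are my own.

```python
import re

# Constructed sample in DDS "Created Last 30" / "Find3M" line format. Entries are
# copied in shape from the log above, plus a benign gmer.ini and a directory
# entry so the filters have something they must leave alone.
SAMPLE_DDS_LINES = r"""
2009-01-26 22:18 1,515,551 ---sh--- c:\windows\system32\usoaosrr.ini
2009-01-26 22:18 72,704 a------- c:\windows\system32\rrsoaosu.dll
2009-01-26 22:17 129,024 a------- c:\windows\system32\bvccbn.dll
2009-01-25 22:12 1,434,951 ---sh--- c:\windows\system32\vccqalxp.ini
2009-01-25 22:11 72,704 a------- c:\windows\system32\pxlaqccv.dll
2009-01-22 18:47 39,084 a--sh--- c:\windows\system32\YHQsttwa.ini
2009-01-22 18:47 302,592 a------- c:\windows\system32\awttsQHY.dll
2009-01-22 14:05 134,285 a--sh--- c:\windows\system32\foyorere.dll
2009-01-16 20:39 250 a------- c:\windows\gmer.ini
2009-01-19 17:16 <DIR> --d----- c:\program files\Picasa2
"""

# date time, size or <DIR>, 8-char attribute string (a/d/s/h/r or '-'), path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)


def parse_dds_line(line):
    """Return a dict for one DDS file line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    directory, _, name = path.rpartition("\\")
    size_text = m.group("size")
    size = None if size_text == "<DIR>" else int(size_text.replace(",", ""))
    attrs = m.group("attrs")
    return {
        "date": m.group("date"),
        "size": size,
        "attrs": attrs,
        "path": path,
        "dir": directory.lower(),   # NTFS paths are case-insensitive
        "name": name,
        # both the system and hidden attributes set, as in "---sh---" / "a--sh---"
        "hidden_system": "s" in attrs and "h" in attrs,
    }


def parse_dds(text):
    """Parse every recognisable file line in a block of DDS output."""
    return [e for e in (parse_dds_line(l) for l in text.splitlines()) if e]


def find_reversed_pairs(entries):
    """Pair each hidden+system .ini with a .dll in the same directory whose
    stem is the .ini stem spelled backwards (the pattern visible in the log)."""
    by_key = {(e["dir"], e["name"].lower()): e for e in entries}
    pairs = []
    for e in entries:
        if not e["hidden_system"] or not e["name"].lower().endswith(".ini"):
            continue
        stem = e["name"][:-4]
        partner = by_key.get((e["dir"], (stem[::-1] + ".dll").lower()))
        if partner:
            pairs.append((e["path"], partner["path"]))
    return pairs


def hidden_system_dlls(entries):
    """DLLs carrying both the system and hidden attributes; legitimate DLLs
    in system32 are not normally marked this way."""
    return [e["path"] for e in entries
            if e["hidden_system"] and e["name"].lower().endswith(".dll")]


if __name__ == "__main__":
    ents = parse_dds(SAMPLE_DDS_LINES)
    for ini, dll in find_reversed_pairs(ents):
        print("reversed-name pair:", ini, "<->", dll)
    for p in hidden_system_dlls(ents):
        print("hidden+system DLL:", p)
```

Both filters are only triage hints for reading a log; they pick out entries worth checking against the helper's instructions and the scan results, not a verdict on any file.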



#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 27 January 2009 - 08:48 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 HARLEMWORLD

HARLEMWORLD
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 03 February 2009 - 10:44 PM

Okay, I'm having trouble disabling the Symantec antivirus.
I right-click it and uncheck Enable Auto-Protect, and it disables it, but only for a temporary amount of time; then it just goes back to being enabled.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 03 February 2009 - 10:51 PM

Don't worry too much about it.. Just proceed with ComboFix step.. Or you can also run ComboFix in Safe Mode :thumbsup:



#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 10 February 2009 - 05:54 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





