Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde and others


  • This topic is locked This topic is locked
11 replies to this topic

#1 Mephysteaux

Mephysteaux

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 15 January 2009 - 12:07 PM

OK, so I think I picked something up recently. I've tried a few malware scanners, and even after they said they removed all the items, they come back, and sometimes the symptoms change a bit. Here's what I have as of now.
-Decrease in speed
-While browsing in Firefox a couple times a day I'll get a dialogue box from bestantivirusquickscan.com with the typical "Your computer may be infected" pitch, and Xing it out makes Firefox pop up a new window to some Antivirus 2009 site
-Also while browsing in Firefox, a few times a day Internet Explorer will arbitrarily open and spawn about 20 windows, trying to connect to an IP address (77.74.48.108), but titled Cannot Find Server. Whenever this happens I open Task Manager and end the process ASAP, so I don't have much info on it.
-Sometimes Firefox will open a window trying to connect to 70.38.98.32 or netpcshield.com
-One other symptom I used to have, before I ran one of my scans, is that Firefox wouldn't load Facebook, and I couldn't open messages in Hotmail.

I ran DDS before my last Spybot scan, tried to do it again but it's been going for about 30 minutes with no result yet. However, here are the most recent results. Thanks in advance for the help.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Alex Reiff at 19:41:27.02 on Sun 01/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1245 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alex Reiff\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://uac.gmu.edu/dana-na/auth/url_default/welcome.cgi
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
BHO: {012bd4b8-b9a2-476b-8bda-bffb974781fe} - c:\windows\system32\bifonovi.dll
BHO: {208adb32-49b1-49d6-a388-c3217f16534e} - c:\windows\system32\hgGvvtqP.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyXNGxx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [yepudilalu] Rundll32.exe "c:\windows\system32\zogapero.dll",s
mRun: [CPM7b49d3ba] Rundll32.exe "c:\windows\system32\jotufafu.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: xxyXNGxx - xxyXNGxx.dll
AppInit_DLLs: c:\windows\system32\kovabova.dll c:\windows\system32\jotufafu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotufafu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jotufafu.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyXNGxx.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGvvtqP
LSA: Notification Packages = scecli c:\windows\system32\kovabova.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexre~1\applic~1\mozilla\firefox\profiles\urirztiq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJPI141_02.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-4 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\naveng.sys [2009-1-7 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\navex15.sys [2009-1-7 876112]
S3 cpuz129;cpuz129;\??\c:\docume~1\alexre~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\alexre~1\locals~1\temp\cpuz_x32.sys [?]
S3 LxrSG20d;LxrSG20d;c:\windows\system32\drivers\LxrSG20d.sys [2006-1-8 68672]
S4 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;c:\windows\system32\drivers\coachcap.sys [2006-3-22 93068]

=============== Created Last 30 ================

2009-01-11 19:15 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 19:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-11 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-11 10:13 1,212,876 ---sh--- c:\windows\system32\efukuwig.ini
2009-01-10 22:06 1,212,885 ---sh--- c:\windows\system32\isomajid.ini
2009-01-08 22:11 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-08 21:18 <DIR> --d----- C:\VundoFix Backups
2009-01-08 17:53 1,326,815 ---sh--- c:\windows\system32\jilhygua.ini
2009-01-08 17:13 0 a------- c:\windows\system32\mcrh.tmp
2009-01-07 17:57 1,320,830 ---sh--- c:\windows\system32\ahlojjtu.ini
2009-01-07 17:51 696,105 a--sh--- c:\windows\system32\PqtvvGgh.ini2
2009-01-07 17:51 696,105 a--sh--- c:\windows\system32\PqtvvGgh.ini
2009-01-07 17:46 45,568 a------- c:\windows\system32\nnnkHwXO.dll
2008-12-25 15:49 <DIR> --d----- c:\program files\iPod
2008-12-25 15:49 <DIR> --d----- c:\program files\iTunes
2008-12-25 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 15:48 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-01-11 10:13 103,233 a--sh--- c:\windows\system32\jotufafu.dll
2009-01-11 10:13 91,238 a--sh--- c:\windows\system32\giwukufe.dll
2009-01-10 22:06 105,569 a--sh--- c:\windows\system32\wifukolu.dll
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 20:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 20:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 20:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
0000-00-00 00:00 65,806 a--sh--- c:\windows\system32\bifonovi.dll
0000-00-00 00:00 65,806 a--sh--- c:\windows\system32\kovabova.dll
0000-00-00 00:00 65,806 a--sh--- c:\windows\system32\zogapero.dll

============= FINISH: 19:49:25.38 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 15 January 2009 - 12:41 PM

EDIT: Got the new log. Also, all the popups were getting particularly crazy when I was browsing google shopping, I noticed the urls had something to do with what I was looking at.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Alex Reiff at 11:20:07.62 on Thu 01/15/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1334 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex Reiff\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://uac.gmu.edu/dana-na/auth/url_default/welcome.cgi
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
BHO: {012bd4b8-b9a2-476b-8bda-bffb974781fe} - c:\windows\system32\nobawitu.dll
BHO: {208adb32-49b1-49d6-a388-c3217f16534e} - c:\windows\system32\hgGvvtqP.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [yepudilalu] Rundll32.exe "c:\windows\system32\deduzezi.dll",s
mRun: [CPM7b49d3ba] Rundll32.exe "c:\windows\system32\vefufise.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: xxyXNGxx - xxyXNGxx.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\jotufafu.dll c:\windows\system32\palowaru.dll hgtcsn.dll c:\windows\system32\ c:\windows\system32\yawevodu.dll tnjgsh.dll ktjgge.dll rfqkqd.dll c:\windows\system32\vefufise.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vefufise.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vefufise.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGvvtqP
LSA: Notification Packages = scecli c:\windows\system32\palowaru.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexre~1\applic~1\mozilla\firefox\profiles\urirztiq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJPI141_02.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-15 00:27 131,817 a--sh--- c:\windows\system32\rfqkqd.dll
2009-01-15 00:27 120 ---sh--- c:\windows\system32\iposekub.ini
2009-01-14 12:27 120 ---sh--- c:\windows\system32\ewonupig.ini
2009-01-14 12:27 131,701 a--sh--- c:\windows\system32\ktjgge.dll
2009-01-13 05:16 120 ---sh--- c:\windows\system32\utemulus.ini
2009-01-13 05:16 131,751 a--sh--- c:\windows\system32\tnjgsh.dll
2009-01-12 17:16 120 ---sh--- c:\windows\system32\asuyapul.ini
2009-01-12 17:16 131,922 a--sh--- c:\windows\system32\hgtcsn.dll
2009-01-12 04:15 2,098 ---sh--- c:\windows\system32\dovamewo.exe
2009-01-11 19:15 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 19:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-11 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-11 10:13 1,212,876 ---sh--- c:\windows\system32\efukuwig.ini
2009-01-10 22:06 1,212,885 ---sh--- c:\windows\system32\isomajid.ini
2009-01-08 22:11 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-08 21:18 <DIR> --d----- C:\VundoFix Backups
2009-01-08 17:13 0 a------- c:\windows\system32\mcrh.tmp
2008-12-25 15:49 <DIR> --d----- c:\program files\iPod
2008-12-25 15:49 <DIR> --d----- c:\program files\iTunes
2008-12-25 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 15:48 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-01-15 00:27 86,357 a--sh--- c:\windows\system32\bukesopi.dll
2009-01-15 00:27 131,817 a--sh--- c:\windows\system32\tuwoyovu.dll
2009-01-15 00:27 100,510 a--sh--- c:\windows\system32\vefufise.dll
2009-01-14 12:27 87,711 -------- c:\windows\system32\gipunowe.dll
2009-01-14 12:27 131,701 a--sh--- c:\windows\system32\haditapo.dll
2009-01-14 12:27 100,439 a--sh--- c:\windows\system32\poruzowo.dll
2009-01-13 05:16 131,751 a--sh--- c:\windows\system32\siwibiko.dll
2009-01-13 05:16 99,978 a--sh--- c:\windows\system32\pupuhale.dll
2009-01-13 05:16 87,371 a--sh--- c:\windows\system32\sulumetu.dll
2009-01-12 17:16 131,922 a--sh--- c:\windows\system32\yiyawefo.dll
2009-01-12 17:16 87,668 a--sh--- c:\windows\system32\lupayusa.dll
2009-01-12 16:15 64,158 a--sh--- c:\windows\system32\sugefeso.dll
2009-01-11 10:13 91,238 a--sh--- c:\windows\system32\giwukufe.dll
2009-01-10 22:06 105,569 a--sh--- c:\windows\system32\wifukolu.dll
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
0000-00-00 00:00 64,158 a--sh--- c:\windows\system32\deduzezi.dll
0000-00-00 00:00 64,158 a--sh--- c:\windows\system32\nobawitu.dll
0000-00-00 00:00 64,158 a--sh--- c:\windows\system32\palowaru.dll
0000-00-00 00:00 95,232 a--sh--- c:\windows\system32\zelovumi.dll

============= FINISH: 12:12:51.93 ===============

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 16 January 2009 - 04:21 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 16 January 2009 - 05:54 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 3

1/16/2009 5:41:34 PM
mbam-log-2009-01-16 (17-41-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114806
Time elapsed: 1 hour(s), 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 11
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\reralifa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\doteheko.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kavutiro.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\ketahope.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vasitiwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgtcsn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tnjgsh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ktjgge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rfqkqd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ciiand.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\doxgjr.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012bd4b8-b9a2-476b-8bda-bffb974781fe} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{012bd4b8-b9a2-476b-8bda-bffb974781fe} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1a86674-3aba-4492-b193-8704ab3b2d5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bc47f52-a2cd-42e0-b647-e4c3c89b91b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d458910-0c29-4196-8b26-5ddd9f59fdbd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ae42706-5564-4da0-acb9-615ed2b0930e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55a64e11-3e57-4d58-a191-d71552dbc69e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83a403a6-b292-472b-b469-2e1426b6b9c9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{012bd4b8-b9a2-476b-8bda-bffb974781fe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yepudilalu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7b49d3ba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\reralifa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\reralifa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\reralifa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kavutiro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kavutiro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ketahope.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ketahope.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vasitiwe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vasitiwe.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\beyewowa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awoweyeb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bukesopi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iposekub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gipunowe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewonupig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giwukufe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efukuwig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hujizabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubazijuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lupayusa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asuyapul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sulumetu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utemulus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vasitiwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fovativu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reralifa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\doteheko.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kavutiro.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\ketahope.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgtcsn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tnjgsh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ktjgge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rfqkqd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ciiand.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\doxgjr.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Alex Reiff\Local Settings\Temp\seneka9093.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\paviviwa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pupuhale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siwibiko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vefufise.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gilimugi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\poruzowo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\haditapo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuwoyovu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nanumiti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiyawefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekarrvitode.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekauhbowinm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaxnspyyxu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.

#5 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 16 January 2009 - 05:57 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Alex Reiff at 2009-01-16 17:55:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (12%) free of 54 GB
Total RAM: 2039 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:57 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Alex Reiff\Desktop\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alex Reiff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uac.gmu.edu/dana-na/auth/url_default/welcome.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {012bd4b8-b9a2-476b-8bda-bffb974781fe} - (no file)
O2 - BHO: (no name) - {208ADB32-49B1-49D6-A388-C3217F16534E} - C:\WINDOWS\system32\hgGvvtqP.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [yepudilalu] Rundll32.exe "C:\WINDOWS\system32\doteheko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yepudilalu] Rundll32.exe "C:\WINDOWS\system32\doteheko.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\javasoft\jre1.4\1.4.0\bin\npjpi140.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\javasoft\jre1.4\1.4.0\bin\npjpi140.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://uac.gmu.edu/dana-cached/setup/JuniperSetupSP1.cab
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\jotufafu.dll hgtcsn.dll c:\windows\system32\ c:\windows\system32\yawevodu.dll tnjgsh.dll ktjgge.dll rfqkqd.dll ciiand.dll doxgjr.dll ,
O20 - Winlogon Notify: xxyXNGxx - xxyXNGxx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8404 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\plfqpbcy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012bd4b8-b9a2-476b-8bda-bffb974781fe}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{208ADB32-49B1-49D6-A388-C3217F16534E}]
C:\WINDOWS\system32\hgGvvtqP.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-24 729178]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-09-10 393216]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-07 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-26 124656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-01-02 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-09-18 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\ c:\windows\system32\jotufafu.dll hgtcsn.dll c:\windows\system32\ c:\windows\system32\yawevodu.dll tnjgsh.dll ktjgge.dll rfqkqd.dll ciiand.dll doxgjr.dll , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-26 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyXNGxx]
xxyXNGxx.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGvvtqP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\JavaSoft\JRE1.4\1.4.0\bin\javaw.exe"="C:\Program Files\JavaSoft\JRE1.4\1.4.0\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe"="C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe:*:Disabled:Scrabble v2.0"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zelovumi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wifukolu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sugefeso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\palowaru.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nobawitu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kovabova.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\deduzezi.dll.tmp
2009-01-16 17:55:37 ----D---- C:\rsit
2009-01-16 11:03:00 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Malwarebytes
2009-01-16 11:02:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-16 11:02:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 13:27:57 ----SH---- C:\WINDOWS\system32\otoyiloh.ini
2009-01-12 04:15:36 ----SH---- C:\WINDOWS\system32\dovamewo.exe
2009-01-11 19:15:22 ----D---- C:\Program Files\Trend Micro
2009-01-11 19:07:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-11 19:07:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 22:06:05 ----SH---- C:\WINDOWS\system32\isomajid.ini
2009-01-08 22:11:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-08 22:11:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-08 21:18:21 ----D---- C:\VundoFix Backups
2009-01-08 21:18:21 ----A---- C:\VundoFix.txt
2009-01-08 17:12:41 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-07 18:09:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-07 17:51:49 ----A---- C:\WINDOWS\system32\73592458-.txt
2008-12-25 15:49:12 ----D---- C:\Program Files\iPod
2008-12-25 15:49:07 ----D---- C:\Program Files\iTunes
2008-12-25 15:49:07 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 15:48:03 ----D---- C:\Program Files\Bonjour
2008-12-25 15:45:30 ----SHD---- C:\Config.Msi
2008-12-25 15:44:31 ----D---- C:\Program Files\Apple Software Update
2008-12-19 02:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-12 02:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 02:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 02:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 02:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 02:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 00:39:26 ----D---- C:\Program Files\Microsoft Works
2008-12-08 00:09:43 ----RA---- C:\WINDOWS\system32\msls2.dll
2008-11-11 17:26:25 ----D---- C:\cca0f9d26968aa22c4a09bc9e3
2008-11-11 17:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 17:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 17:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-25 01:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-16 17:53:10 ----D---- C:\Program Files\Mozilla Firefox
2009-01-16 17:52:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-16 17:50:48 ----D---- C:\WINDOWS\Temp
2009-01-16 17:43:57 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-16 17:42:48 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 17:42:47 ----D---- C:\WINDOWS\system32
2009-01-16 17:42:47 ----D---- C:\Program Files
2009-01-16 17:42:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-16 15:26:26 ----D---- C:\WINDOWS\Prefetch
2009-01-12 18:17:50 ----AC---- C:\WINDOWS\wininit.ini
2009-01-12 11:31:09 ----D---- C:\WINDOWS\wt
2009-01-08 22:52:18 ----D---- C:\WINDOWS
2009-01-08 22:12:39 ----SHD---- C:\WINDOWS\Installer
2009-01-08 22:12:15 ----D---- C:\Program Files\Lavasoft
2009-01-08 22:12:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-08 22:12:14 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Lavasoft
2009-01-08 22:11:10 ----D---- C:\Program Files\Common Files
2009-01-08 18:29:35 ----HD---- C:\WINDOWS\inf
2009-01-08 17:12:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-08 16:20:20 ----D---- C:\Program Files\Trillian
2009-01-07 18:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-07 17:56:12 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Adobe
2009-01-07 17:46:31 ----SD---- C:\WINDOWS\Tasks
2009-01-07 17:46:02 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-28 11:38:12 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Azureus
2008-12-25 20:22:15 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Apple Computer
2008-12-25 15:49:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-25 15:49:11 ----D---- C:\Program Files\Common Files\Apple
2008-12-25 15:47:04 ----D---- C:\Program Files\QuickTime
2008-12-25 15:44:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-19 02:01:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-19 02:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 02:06:51 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 02:06:15 ----A---- C:\WINDOWS\win.ini
2008-12-08 00:11:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-02 12:29:17 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Juniper Networks
2008-11-30 01:32:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-30 01:31:14 ----D---- C:\Documents and Settings\Alex Reiff\Application Data\Lionhead Studios
2008-11-30 01:29:46 ----SD---- C:\Documents and Settings\Alex Reiff\Application Data\Microsoft
2008-11-30 01:29:44 ----D---- C:\Program Files\Project64 1.6
2008-11-30 01:27:53 ----D---- C:\Program Files\Ares
2008-11-26 12:07:36 ----D---- C:\WINDOWS\Help
2008-11-23 12:56:14 ----D---- C:\Program Files\Acoustica Shared Effects
2008-11-02 13:06:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-18 14:27:39 ----A---- C:\WINDOWS\BRWMARK.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-06 20747]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-02 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090107.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090107.002\navex15.sys []
R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-10 1032472]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-24 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekarrvitode.sys []
S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01; C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 93068]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\ALEXRE~1\LOCALS~1\Temp\cpuz_x32.sys []
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 LxrSG20d;LxrSG20d; \??\C:\WINDOWS\system32\Drivers\LxrSG20d.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-07 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-26 30448]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-07 192160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 LxrSG20s;Lexar SG20; C:\WINDOWS\system32\LxrSG20s.exe [2006-01-08 77312]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-26 115952]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-02-06 1160848]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-26 1799408]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-16 17:56:09

======Uninstall list======

-->"C:\Program Files\StepMania CVS\uninstall.exe"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Concord Eye-Q Duo 2000 Memory Browser TWAIN Driver V1.00-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\coachMB.inf
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
GTK+ Runtime 2.6.9 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

System event log

Computer Name: ALEXREIFFNB
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{CA2C32DD-622F-4776-9AD8-AAA413CA4B1F} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5560
Source Name: Tcpip
Time Written: 20090107220201.000000-300
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001150A2E0B9. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 5559
Source Name: Dhcp
Time Written: 20090107220156.000000-300
Event Type: warning
User:

Computer Name: ALEXREIFFNB
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{CA2C32DD-622F-4776-9AD8-AAA413CA4B1F} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5558
Source Name: Tcpip
Time Written: 20090107220156.000000-300
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001150A2E0B9. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 5557
Source Name: Dhcp
Time Written: 20090107220151.000000-300
Event Type: warning
User:

Computer Name: ALEXREIFFNB
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{CA2C32DD-622F-4776-9AD8-AAA413CA4B1F} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5556
Source Name: Tcpip
Time Written: 20090107220151.000000-300
Event Type: information
User:

Application event log

Computer Name: ALEXREIFFNB
Event Code: 16
Message:


Download of virus definition file from LiveUpdate server failed. 00000001

Record Number: 13943
Source Name: Symantec AntiVirus
Time Written: 20081101050330.000000-240
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 16
Message:


Download of virus definition file from LiveUpdate server failed. 00000001

Record Number: 13942
Source Name: Symantec AntiVirus
Time Written: 20081101040220.000000-240
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 16
Message:


Download of virus definition file from LiveUpdate server failed. 00000001

Record Number: 13941
Source Name: Symantec AntiVirus
Time Written: 20081101030109.000000-240
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 16
Message:


Download of virus definition file from LiveUpdate server failed. 00000001

Record Number: 13940
Source Name: Symantec AntiVirus
Time Written: 20081101020000.000000-240
Event Type: information
User:

Computer Name: ALEXREIFFNB
Event Code: 16
Message:


Virus definitions are current.

Record Number: 13939
Source Name: Symantec AntiVirus
Time Written: 20081101005852.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 17 January 2009 - 01:40 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 17 January 2009 - 12:28 PM

Here's the log. I also attached the GMER log in case it's still useful.

ComboFix 09-01-16.04 - Alex Reiff 2009-01-17 11:52:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1529 [GMT -5:00]
Running from: c:\documents and settings\Alex Reiff\Desktop\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex Reiff\Local Settings\Temporary Internet Files\jt41vjyl.zjl
c:\documents and settings\Alex Reiff\Local Settings\Temporary Internet Files\koen1ka3.hkt
c:\documents and settings\Alex Reiff\Local Settings\Temporary Internet Files\oshelmm5.iiw
c:\documents and settings\Alex Reiff\Local Settings\Temporary Internet Files\rsn1m2oi.ldx
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\isomajid.ini
c:\windows\system32\otoyiloh.ini
c:\windows\system32\sugefeso.dll
c:\windows\system32\wifukolu.dll
c:\windows\system32\zelovumi.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-16 17:59 . 2009-01-16 17:59 250 --a------ c:\windows\gmer.ini
2009-01-16 17:55 . 2009-01-16 17:56 <DIR> d-------- C:\rsit
2009-01-16 11:03 . 2009-01-16 11:03 <DIR> d-------- c:\documents and settings\Alex Reiff\Application Data\Malwarebytes
2009-01-16 11:02 . 2009-01-16 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 11:02 . 2009-01-16 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-16 11:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 11:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 04:15 . 2009-01-12 04:15 2,098 ---hs---- c:\windows\system32\dovamewo.exe
2009-01-11 19:15 . 2009-01-11 19:15 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 19:07 . 2009-01-11 19:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 19:07 . 2009-01-12 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 22:11 . 2009-01-08 22:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-08 22:11 . 2009-01-08 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-08 21:18 . 2009-01-08 21:18 <DIR> d-------- C:\VundoFix Backups
2009-01-08 17:12 . 2009-01-08 18:29 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-25 15:49 . 2008-12-25 15:49 <DIR> d-------- c:\program files\iTunes
2008-12-25 15:49 . 2008-12-25 15:49 <DIR> d-------- c:\program files\iPod
2008-12-25 15:49 . 2008-12-25 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 15:48 . 2008-12-25 15:48 <DIR> d-------- c:\program files\Bonjour
2008-12-25 15:44 . 2008-12-25 15:44 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 03:12 --------- d-----w c:\program files\Lavasoft
2009-01-09 03:12 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Lavasoft
2009-01-08 21:20 --------- d-----w c:\program files\Trillian
2009-01-07 22:46 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-28 16:38 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Azureus
2008-12-26 01:22 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Apple Computer
2008-12-25 20:49 --------- d-----w c:\program files\Common Files\Apple
2008-12-25 20:47 --------- d-----w c:\program files\QuickTime
2008-12-08 05:39 --------- d-----w c:\program files\Microsoft Works
2008-12-02 17:29 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Juniper Networks
2008-11-30 06:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 06:31 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Lionhead Studios
2008-11-30 06:29 --------- d-----w c:\program files\Project64 1.6
2008-11-30 06:27 --------- d-----w c:\program files\Ares
2008-11-23 17:56 --------- d-----w c:\program files\Acoustica Shared Effects
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-26 124656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-01-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-01-02 21:19 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JavaSoft\\JRE1.4\\1.4.0\\bin\\javaw.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57005:TCP"= 57005:TCP:GSMP

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
S3 cpuz129;cpuz129;\??\c:\docume~1\ALEXRE~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ALEXRE~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 LxrSG20d;LxrSG20d;c:\windows\system32\drivers\LxrSG20d.sys [2006-01-08 68672]
S3 LxrSG20s;Lexar SG20;LxrSG20s.exe --> LxrSG20s.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-05-26 115952]
S4 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;c:\windows\system32\drivers\coachcap.sys [2006-03-22 93068]
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-17 c:\windows\Tasks\plfqpbcy.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{012bd4b8-b9a2-476b-8bda-bffb974781fe} - (no file)
BHO-{208ADB32-49B1-49D6-A388-C3217F16534E} - c:\windows\system32\hgGvvtqP.dll
Notify-xxyXNGxx - xxyXNGxx.dll


.
------- Supplementary Scan -------
.
uStart Page = https://uac.gmu.edu/dana-na/auth/url_default/welcome.cgi
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex Reiff\Application Data\Mozilla\Firefox\Profiles\urirztiq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJPI141_02.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:10:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-17 12:16:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 17:16:18

Pre-Run: 6,528,049,152 bytes free
Post-Run: 6,565,646,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

206 --- E O F --- 2008-12-19 07:01:34

Attached Files



#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 17 January 2009 - 03:21 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\dovamewo.exe
c:\windows\Tasks\plfqpbcy.job

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57005:TCP"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the ComboFix log in your next reply...




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post these logs in your next reply...

1. ComboFix
2. ESET Online Scanner

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 18 January 2009 - 09:06 PM

ComboFix 09-01-18.01 - Alex Reiff 2009-01-18 20:33:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1584 [GMT -5:00]
Running from: c:\documents and settings\Alex Reiff\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Alex Reiff\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\dovamewo.exe
c:\windows\Tasks\plfqpbcy.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\windows\system32\dovamewo.exe
c:\windows\Tasks\plfqpbcy.job

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-16 17:59 . 2009-01-16 17:59 250 --a------ c:\windows\gmer.ini
2009-01-16 17:55 . 2009-01-16 17:56 <DIR> d-------- C:\rsit
2009-01-16 11:03 . 2009-01-16 11:03 <DIR> d-------- c:\documents and settings\Alex Reiff\Application Data\Malwarebytes
2009-01-16 11:02 . 2009-01-16 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 11:02 . 2009-01-16 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-16 11:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 11:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 19:15 . 2009-01-11 19:15 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 19:07 . 2009-01-11 19:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 19:07 . 2009-01-12 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 22:11 . 2009-01-08 22:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-08 22:11 . 2009-01-08 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-08 21:18 . 2009-01-08 21:18 <DIR> d-------- C:\VundoFix Backups
2009-01-08 17:12 . 2009-01-08 18:29 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-25 15:49 . 2008-12-25 15:49 <DIR> d-------- c:\program files\iTunes
2008-12-25 15:49 . 2008-12-25 15:49 <DIR> d-------- c:\program files\iPod
2008-12-25 15:48 . 2008-12-25 15:48 <DIR> d-------- c:\program files\Bonjour
2008-12-25 15:44 . 2008-12-25 15:44 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 03:12 --------- d-----w c:\program files\Lavasoft
2009-01-09 03:12 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Lavasoft
2009-01-08 21:20 --------- d-----w c:\program files\Trillian
2009-01-07 22:46 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-28 16:38 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Azureus
2008-12-26 01:22 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Apple Computer
2008-12-25 20:49 --------- d-----w c:\program files\Common Files\Apple
2008-12-25 20:47 --------- d-----w c:\program files\QuickTime
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 05:39 --------- d-----w c:\program files\Microsoft Works
2008-12-02 17:29 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Juniper Networks
2008-11-30 06:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 06:31 --------- d-----w c:\documents and settings\Alex Reiff\Application Data\Lionhead Studios
2008-11-30 06:29 --------- d-----w c:\program files\Project64 1.6
2008-11-30 06:27 --------- d-----w c:\program files\Ares
2008-11-23 17:56 --------- d-----w c:\program files\Acoustica Shared Effects
.

((((((((((((((((((((((((((((( snapshot@2009-01-17_12.14.53.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-12 07:06:19 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-18 01:08:36 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-12-12 07:06:19 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-18 01:08:37 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-12-12 07:06:19 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-18 01:08:37 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-12-12 07:06:19 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-18 01:08:36 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-12-12 07:06:19 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-18 01:08:37 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-12-12 07:06:19 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-18 01:08:37 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-12-12 07:06:19 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-18 01:08:37 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-12-12 07:06:19 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-18 01:08:38 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-12-12 07:06:19 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-18 01:08:36 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-12-12 07:06:19 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-18 01:08:36 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-12-12 07:06:20 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-18 01:08:38 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-12-12 07:06:19 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-18 01:08:35 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-12-12 07:06:19 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-18 01:08:35 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-08 10:41:42 333,824 ------w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 ------w c:\windows\system32\dllcache\srv.sys
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-26 124656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-01-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-01-02 21:19 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JavaSoft\\JRE1.4\\1.4.0\\bin\\javaw.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57005:TCP"= 57005:TCP:GSMP

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
S3 cpuz129;cpuz129;\??\c:\docume~1\ALEXRE~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ALEXRE~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 LxrSG20d;LxrSG20d;c:\windows\system32\drivers\LxrSG20d.sys [2006-01-08 68672]
S3 LxrSG20s;Lexar SG20;LxrSG20s.exe --> LxrSG20s.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-05-26 115952]
S4 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;c:\windows\system32\drivers\coachcap.sys [2006-03-22 93068]
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-19 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 14:07]

2009-01-19 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = https://uac.gmu.edu/dana-na/auth/url_default/welcome.cgi
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex Reiff\Application Data\Mozilla\Firefox\Profiles\urirztiq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPJPI141_02.dll
FF - plugin: c:\program files\javasoft\jre1.4\1.4.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 20:38:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-18 20:44:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 01:44:33
ComboFix2.txt 2009-01-17 17:16:32

Pre-Run: 6,499,651,584 bytes free
Post-Run: 6,486,384,640 bytes free

221 --- E O F --- 2009-01-18 01:08:44

#10 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 18 January 2009 - 10:23 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3775 (20090118)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cee4aa9f45e5a9469c93130090fb5e0a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-19 03:16:53
# local_time=2009-01-18 10:16:53 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=250804
# found=3
# scan_time=4074
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent23.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent40.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent70.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 20 January 2009 - 06:56 AM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Mephysteaux

Mephysteaux
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 20 January 2009 - 12:08 PM

I'm happy to say my computer is back to normal. Performance is good, haven't gotten any of the popups recently, nothing out of the ordinary. Thanks for all the help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users