Virtumonde, Trojan Redirect, Antivirus 2009/Registry Defender trojans


This topic is locked
33 replies to this topic

#1 hannah9

Posted 16 January 2009 - 11:02 PM

Dell Dimension 8100
W2000 Professional

I have these viruses. I cannot run HJT because, even though I have it on my system, it will not work; the viruses have hijacked it. I also ran Malwarebytes/OTScanIt2 a month ago and thought I'd successfully removed the redirect problem, but it is back, and now I also cannot run Malwarebytes, nor remove it to reinstall. If I try to go to some sites like this one, or to download things like HijackThis etc., my browser just closes. It is now almost impossible to use the internet, and I am using my business laptop and portable memory to deal with fixing this.

I have run OTScanIt, Exterminate It and SpyNoMore, and they all show evidence of these viruses.

Following is the OTSCAN log. Please tell me where to start.
Your help will be greatly appreciated.

OTScanIt2 logfile created on: 1/16/2009 8:34:17 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Laurita\Desktop\OTScanIt2
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.08 Mb Total Physical Memory | 119.74 Mb Available Physical Memory | 46.94% Memory free
614.50 Mb Paging File | 277.13 Mb Available in Paging File | 45.10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.20 Gb Free Space | 40.79% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ7WDN01
Current User Name: Laurita
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
defwatch.exe -> %ProgramFiles%\NavNT\defwatch.exe -> [2000/09/27 08:50:00 | 00,032,768 | ---- | M] (Symantec Corporation)
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\em_exec.exe -> [2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.)
fwupdate.exe -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> [2008/12/27 01:43:46 | 00,548,864 | ---- | M] (BL)
hidserv.exe -> %SystemRoot%\system32\hidserv.exe -> [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/13 00:26:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/13 00:26:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver3\LVCOMS.EXE -> [2002/12/10 17:54:04 | 00,127,022 | ---- | M] (Logitech Inc.)
lxdiamon.exe -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdiamon.exe -> [2007/07/16 12:54:10 | 00,025,264 | ---- | M] ()
lxdicoms.exe -> %SystemRoot%\system32\lxdicoms.exe -> [2007/06/11 10:14:52 | 00,517,040 | ---- | M] ( )
lxdimon.exe -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdimon.exe -> [2007/07/16 12:54:08 | 00,434,864 | ---- | M] ()
lxdiserv.exe -> %SystemRoot%\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe -> [2007/06/11 10:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.)
mccicmservice.exe -> %CommonProgramFiles%\Motive\McciCMService.exe -> [2007/09/26 10:43:24 | 00,303,104 | ---- | M] (Motive Communications, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> [2000/09/21 15:34:12 | 00,126,976 | ---- | M] (Netropa Corp.)
msgsys.exe -> %SystemRoot%\system32\MsgSys.EXE -> [2000/09/18 18:12:40 | 00,014,336 | ---- | M] (Intel Corporation)
mspmspsv.exe -> %SystemRoot%\System32\mspmspsv.exe -> [2002/05/16 18:24:48 | 00,057,344 | ---- | M] (Microsoft Corporation)
mstask.exe -> %SystemRoot%\system32\MSTask.exe -> [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation)
nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [2000/09/13 17:18:26 | 00,028,672 | ---- | M] ()
npswf32_flashutil.exe -> %ProgramFiles%\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -> [2008/03/24 20:21:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2003/10/06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
pds.exe -> %SystemRoot%\system32\cba\pds.exe -> [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation)
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2006/07/28 23:47:42 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
regsvc.exe -> %SystemRoot%\system32\regsvc.exe -> [2003/06/19 13:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation)
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2005/08/07 22:54:00 | 00,167,936 | ---- | M] ()
rtvscan.exe -> %ProgramFiles%\NavNT\rtvscan.exe -> [2000/09/27 08:50:00 | 00,430,080 | ---- | M] (Symantec Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2000/07/26 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2000/07/26 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation)
service.exe -> %ProgramFiles%\Dell\Solution Center\Service.exe -> [2000/10/06 18:50:32 | 00,331,776 | ---- | M] ()
snm.exe -> %ProgramFiles%\SpyNoMore\SNM.exe -> [2008/12/09 02:00:10 | 01,064,400 | ---- | M] (Illysoft LLC)
stisvc.exe -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 13:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation)
vptray.exe -> %SystemDrive%\PROGRA~1\NavNT\vptray.exe -> [2000/09/27 08:50:00 | 00,053,248 | ---- | M] (Symantec Corporation)
xfr.exe -> %SystemRoot%\system32\cba\xfr.exe -> [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\defwatch.exe -> [2000/09/27 08:50:00 | 00,032,768 | ---- | M] (Symantec Corporation)
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> [2003/06/19 13:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.)
(Fax) Fax Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\faxsvc.exe -> [2003/06/19 13:05:04 | 00,094,992 | ---- | M] (Microsoft Corporation)
(HidServ) HID Input Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\hidserv.exe -> [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(InCDsrv) InCD Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> [2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG)
(Intel File Transfer) Intel File Transfer [Win32_Own | Auto | Running] -> %SystemRoot%\system32\cba\xfr.exe -> [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation)
(Intel PDS) Intel PDS [Win32_Own | Auto | Running] -> %SystemRoot%\system32\cba\pds.exe -> [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2006/09/25 14:54:22 | 00,451,136 | ---- | M] (Apple Computer, Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/13 00:26:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(lxdiCATSCustConnectService) lxdiCATSCustConnectService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe -> [2007/06/11 10:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.)
(lxdi_device) lxdi_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxdicoms.exe -> [2007/06/11 10:14:52 | 00,517,040 | ---- | M] ( )
(McciCMService) McciCMService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Motive\McciCMService.exe -> [2007/09/26 10:43:24 | 00,303,104 | ---- | M] (Motive Communications, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> [2005/08/30 15:00:50 | 00,053,337 | ---- | M] (Sony Corporation)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG)
(nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [2000/09/13 17:18:26 | 00,028,672 | ---- | M] ()
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG)
(Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\rtvscan.exe -> [2000/09/27 08:50:00 | 00,430,080 | ---- | M] (Symantec Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2003/10/06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [2005/08/30 14:55:18 | 00,053,337 | ---- | M] (Sony Corporation)
(RemoteRegistry) Remote Registry Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\regsvc.exe -> [2003/06/19 13:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2005/08/07 22:54:00 | 00,167,936 | ---- | M] ()
(SBHookSvc) SBHookSvc [Win32_Own | On_Demand | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\MSTask.exe -> [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation)
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> [2005/08/30 14:49:34 | 00,069,718 | ---- | M] (Sony Corporation)
(StiSvc) Still Image Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 13:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation)
(UtilMan) Utility Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\UtilMan.exe -> [2003/06/19 13:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation)
(WinMgmt) Windows Management Instrumentation [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\WBEM\WinMgmt.exe -> [2003/06/19 13:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\mspmspsv.exe -> [2002/05/16 18:24:48 | 00,057,344 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(aaatimeo) aaatimeo [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\aaatimeo.sys -> [2000/11/21 16:19:40 | 00,004,928 | ---- | M] (Microsoft Corporation)
(cda1000) cda1000 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\DRIVERS\cda1000.sys -> [2000/12/14 13:14:04 | 00,281,024 | ---- | M] (Adaptec, Inc.)
(Cdr4_2K) Cdr4_2K [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdr4_2k.sys -> [2003/08/16 02:50:28 | 00,058,000 | ---- | M] (Roxio)
(Cdralw2k) Cdralw2k [Kernel | Auto | Stopped] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2006/10/26 18:13:18 | 00,022,089 | ---- | M] (Adaptec)
(cmosa) cmosa [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\cmosa.sys -> [2000/10/06 17:51:04 | 00,029,344 | ---- | M] (Dell Computer Corporation.)
(Diskperf) Diskperf [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\diskperf.sys -> [2003/06/19 13:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> [2003/06/19 13:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.)
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> [2003/06/19 13:05:04 | 00,137,936 | ---- | M] (VERITAS Software Corp.)
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> [2003/06/19 13:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.)
(EFS) EFS [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\efs.sys -> [2003/06/19 13:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation)
(EL90Xbc) 3Com 3C90X-BC Family PCI EtherLink Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\el90Xbc5.SYS -> [2001/03/27 20:23:24 | 00,067,317 | ---- | M] (3Com Corporation)
(es1371mp) SB AudioPCI 64V Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\es1371mp.sys -> [1999/12/23 15:52:32 | 00,042,623 | ---- | M] (Creative Technology Ltd.)
(Fd16_700) Fd16_700 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\fd16_700.sys -> [1999/09/25 11:11:42 | 00,011,280 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2006/07/14 15:03:02 | 00,014,448 | ---- | M] (GEAR Software Inc.)
(ichaud) Service for AC'97 Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ichaud.sys -> [1999/10/22 14:54:42 | 00,032,592 | ---- | M] (Microsoft Corporation)
(icm10blk) Intel® PC Camera CS630 Image Storage [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\icm10blk.sys -> [2001/10/05 16:01:56 | 00,014,182 | ---- | M] (Intel Corporation)
(ICM10USB) Intel® PC Camera CS630 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\ICM10USB.sys -> [2001/10/05 16:00:36 | 00,420,870 | ---- | M] (Intel Corporation)
(idebd) idebd [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\idebd.sys -> [2000/05/30 00:00:00 | 00,003,737 | ---- | M] (Intel Corporation)
(IKStream) Intel Streaming Filter For Kernel Streaming Audio Access [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\IKStream.sys -> [2000/10/13 17:02:36 | 00,054,428 | ---- | M] (Intel Corporation)
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDFs.sys -> [2007/05/15 15:55:36 | 00,118,576 | ---- | M] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\InCDPass.sys -> [2007/05/15 15:55:36 | 00,037,040 | ---- | M] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\InCDRm.sys -> [2007/05/15 15:55:36 | 00,038,576 | ---- | M] (Nero AG)
(intelata) intelata [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\intelata.sys -> [2000/05/30 00:00:00 | 00,118,480 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\DRIVERS\kbdhid.sys -> [2000/07/26 07:00:00 | 00,013,744 | ---- | M] (Microsoft Corporation)
(L8042PR2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\l8042pr2.sys -> [2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.)
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LHidFlt2.Sys -> [2003/12/17 09:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.)
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\LHidUsb.Sys -> [2003/12/17 09:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.)
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\LMouFlt2.sys -> [2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [1999/09/25 10:34:58 | 00,016,144 | ---- | M] (Microsoft Corporation)
(MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\MPE.sys -> [2004/07/09 02:58:10 | 00,015,104 | ---- | M] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\mraid35x.sys -> [1999/11/05 21:23:34 | 00,009,488 | ---- | M] (American MegaTrends Inc.)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -> [2007/09/26 10:43:16 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> [2004/11/22 17:36:34 | 00,019,345 | ---- | M] (Motive, Inc.)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> [2004/11/22 17:36:40 | 00,018,003 | ---- | M] (Motive, Inc.)
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -> [2007/09/26 10:43:14 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(msikbd2k) Multimedia Keyboard Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\msikbd2k.sys -> [2000/06/06 13:51:26 | 00,006,883 | ---- | M] (Netropa Corporation)
(MTsensor) MTsensor [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\MTsensor.sys -> [2000/10/06 17:51:06 | 00,014,392 | ---- | M] (Intel Corporation)
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\NavNT\NAVAP.sys -> [2000/09/27 07:50:00 | 00,171,872 | ---- | M] ()
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\NavNT\NAVAPEL.SYS -> [2000/09/27 07:50:00 | 00,007,888 | ---- | M] ()
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090114.017\NAVENG.sys -> [2009/01/14 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090114.017\NAVEX15.sys -> [2009/01/14 02:00:00 | 00,876,112 | ---- | M] (Symantec Corporation)
(NetDetect) NetDetect [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netdtect.sys -> [2000/07/26 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2003/10/06 14:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2003/10/06 14:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(Parallel) Parallel class driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\parallel.sys -> [2003/06/19 13:05:04 | 00,060,208 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2003/06/19 13:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\PxHelp20.sys -> [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(QCMerced) Logitech QuickCam Express [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\LVCM.sys -> [2002/09/20 15:15:42 | 00,472,396 | ---- | M] (Logitech Inc.)
(RCA) Microsoft Streaming Network Raw Channel Access [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RCA.sys -> [2000/07/26 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\SECDRV.SYS -> [2003/09/08 18:30:32 | 00,011,376 | R--- | M] ()
(SONYFILT) Sony USBSTOR.SYS Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\SonyUSBF.sys -> [2004/01/14 16:47:58 | 00,004,480 | ---- | M] (Sony Corporation)
(SonySDK2) Sony USB Mass Storage Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\SonySDK2.sys -> [2003/11/26 16:42:06 | 00,028,442 | ---- | M] (Sony Corporation)
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\sparrow.sys -> [1999/09/28 15:14:04 | 00,019,376 | ---- | M] (Adaptec, Inc.)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2000/11/02 17:12:56 | 00,063,712 | ---- | M] (Symantec Corporation)
(UdfReadr) UdfReadr [File_System | System | Stopped] -> %SystemRoot%\System32\drivers\UdfReadr.sys -> [2001/06/27 17:11:00 | 00,213,248 | ---- | M] (Roxio)
(uhcd) Microsoft USB Universal Host Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\uhcd.sys -> [2003/06/19 13:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [1999/10/12 15:57:12 | 00,068,912 | ---- | M] (Microsoft Corporation)
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\w810bus.sys -> [2007/09/07 21:59:44 | 00,058,288 | ---- | M] (MCCI)
(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\w810mdfl.sys -> [2007/09/07 21:59:44 | 00,008,336 | ---- | M] (MCCI)
(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\w810mdm.sys -> [2007/09/07 21:59:44 | 00,094,064 | ---- | M] (MCCI)
(w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\w810mgmt.sys -> [2007/09/07 21:59:44 | 00,085,408 | ---- | M] (MCCI)
(w810obex) Sony Ericsson W810 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\w810obex.sys -> [2007/09/07 21:59:44 | 00,083,344 | ---- | M] (MCCI)
(WDM_INAEC) Intel Native Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aecshell.sys -> [2001/02/21 16:13:54 | 00,169,056 | ---- | M] (Intel® Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ws2ifsl.sys -> [2000/07/26 07:00:00 | 00,012,016 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\SYSTEM32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINNT\System32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Search Page_bak" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.ca/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> MSN ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Laurita\Application Data\Mozilla\FireFox\Profiles\xa16sahk.default\prefs.js ->
browser.startup.homepage -> "http://ca.yahoo.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (36 bytes and 1 lines) -> C:\WINNT\System32\drivers\etc\Hosts ->
66.249.93.104 security.microsoft.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{112df4bd-cb24-44b2-9198-915b984e522e} [HKLM] -> %SystemRoot%\system32\dijipire.dll [Reg Error: Value does not exist or could not be read.] -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] ()
{2502BBD0-D73B-11DD-B4EC-CEBF56D89593} [HKLM] -> %SystemRoot%\system32\vumer.dll [DDSMEkl] -> [2003/08/01 18:16:06 | 00,199,696 | ---- | M] (Winfi)
{63166905-ce30-4af9-944b-6312c2b96105} [HKLM] -> %SystemRoot%\system32\ezntpu.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java™ Plug-In SSV Helper] -> [2008/12/13 00:26:42 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2008/12/13 00:26:40 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/13 00:26:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{8E718888-423F-11D2-876E-00A0C9082467}" [HKLM] -> %SystemRoot%\System32\msdxm.ocx [&Radio] -> [2005/03/31 00:10:40 | 00,844,560 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{339BB23F-A864-48C0-A59F-29EA915965EC}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> [2005/02/07 22:21:28 | 00,203,464 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{E6AE90A4-1B01-47F0-AA78-E6B122E145E9}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"07d106a1" -> %SystemRoot%\system32\wipogive.DLL [rundll32.exe "C:\WINNT\system32\wipogive.dll",b] -> [2009/01/16 02:25:00 | 00,086,260 | -HS- | M] ()
"CPM04e2353d" -> %SystemRoot%\system32\rijilutu.DLL [Rundll32.exe "c:\winnt\system32\rijilutu.dll",a] -> [2009/01/16 17:25:36 | 00,100,530 | -HS- | M] ()
"InCD" -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe [C:\Program Files\Nero\Nero 7\InCD\InCD.exe] -> [2007/05/15 15:55:26 | 01,057,328 | ---- | M] (Nero AG)
"LGODDFU" -> %ProgramFiles%\lg_fwupdate\fwupdate.exe ["C:\Program Files\lg_fwupdate\fwupdate.exe" blrun] -> [2008/12/27 01:43:46 | 00,548,864 | ---- | M] (BL)
"LoadQM" -> %SystemRoot%\loadqm.exe [loadqm.exe] -> [2000/05/03 18:23:10 | 00,007,536 | ---- | M] (Microsoft Corporation)
"Logitech Utility" -> %SystemRoot%\Logi_MwX.Exe [Logi_MwX.Exe] -> [2003/12/17 09:50:00 | 00,019,968 | ---- | M] (Logitech Inc.)
"LVCOMS" -> %CommonProgramFiles%\Logitech\QCDriver3\LVCOMS.EXE [C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE] -> [2002/12/10 17:54:04 | 00,127,022 | ---- | M] (Logitech Inc.)
"lxdiamon" -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdiamon.exe ["C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"] -> [2007/07/16 12:54:10 | 00,025,264 | ---- | M] ()
"lxdimon.exe" -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdimon.exe ["C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"] -> [2007/07/16 12:54:08 | 00,434,864 | ---- | M] ()
"MULTIMEDIA KEYBOARD" -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe [C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] -> [2000/09/21 15:34:12 | 00,126,976 | ---- | M] (Netropa Corp.)
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2007/03/01 15:57:24 | 00,153,136 | ---- | M] (Nero AG)
"NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup] -> [2003/10/06 14:16:00 | 05,058,560 | ---- | M] (NVIDIA Corporation)
"SecurDisc" -> %ProgramFiles%\Nero\Nero 7\InCD\NBHGui.exe [C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe] -> [2007/05/15 15:55:46 | 01,628,208 | ---- | M] (Nero AG)
"SNM" -> [C:\Program Files\SpyNoMore\SNM.exe /startup] -> File not found
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/13 00:26:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Synchronization Manager" -> %SystemRoot%\system32\mobsync.exe [mobsync.exe /logon] -> [2003/06/19 13:05:04 | 00,111,376 | ---- | M] (Microsoft Corporation)
"TELUS_eCare_Lite_McciTrayApp" -> %ProgramFiles%\TELUS_eCare_Lite\eCareTrayApp.exe [C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe] -> [2007/01/24 14:55:28 | 01,007,720 | ---- | M] (TELUS)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2006/07/28 23:47:42 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
"vptray" -> %SystemDrive%\PROGRA~1\NavNT\vptray.exe [C:\PROGRA~1\NavNT\vptray.exe] -> [2000/09/27 08:50:00 | 00,053,248 | ---- | M] (Symantec Corporation)
"wudiyoyihi" -> %SystemRoot%\system32\duweweba.DLL [Rundll32.exe "C:\WINNT\system32\duweweba.dll",s] -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] (SoftComplete Development)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Dell Service.lnk -> %ProgramFiles%\Dell\Solution Center\Service.exe -> [2000/10/06 18:50:32 | 00,331,776 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [149] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Value does not exist or could not be read. [Button: Messenger] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Value does not exist or could not be read. [Menu: Yahoo! Messenger] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> %ProgramFiles%\aim.exe [Button: AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> [2003/03/17 15:05:02 | 00,946,960 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> Reg Error: Value does not exist or could not be read. [Messenger] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> %ProgramFiles%\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.htm&ARIReportName=GSAMReport&ARIAgentReportRunName=GS018&Title=Alberta^System^Daily^Customer^Reports&ReportRunID=5385408&ReportFormat=pdf&ARIActionType=View -> %ProgramFiles%\Internet Explorer\PLUGINS\nppdf32.dll [Adobe Acrobat] -> [2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
free_aol.com [http] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000161-0000-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab[Reg Error: Key does not exist or could not be opened.] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} [HKLM] -> http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab[MessengerStatsClient Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{2917297F-F02B-4B9D-81DF-494B6333150B} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab[Minesweeper Flags Class] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> http://download.yahoo.com/dl/installs/yinst.cab[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{41F17733-B041-4099-A042-B518BB6A408C} [HKLM] -> http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe[Reg Error: Key does not exist or could not be opened.] ->
{4E888414-DB8F-11D1-9CD9-00C04F98436A} [HKLM] -> https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab[Microsoft.WinRep] ->
{665585FD-2068-4C5E-A6D3-53AC3270ECD4} [HKLM] -> http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab[FileSharingCtrl Class] ->
{7CF052DE-C74F-421B-B04A-3B3037EF5887} [HKLM] -> http://64.124.45.181/chaincast/proxy/CCMP.cab[CCMPGui Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_11] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/...7875.7000115741[Reg Error: Key does not exist or could not be opened.] ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [HKLM] -> http://messenger.msn.com/download/MsnMesse...pDownloader.cab[MsnMessengerSetupDownloadControl Class] ->
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} [HKLM] -> http://security1.norton.com/us/sa/common/c...n/bin/cabsa.cab[Symantec RuFSI Registry Information Class] ->
{C4847596-972C-11D0-9567-00A0C9273C2A} [HKLM] -> https://gmsweb.alliance-pipeline.com/viewer...tivexviewer.cab[Crystal Report Viewer Control] ->
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.3.1] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_11] ->
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} [HKLM] -> http://www.live365.com/players/play365.cab[Live365Player Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->
{EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} [HKLM] -> http://companion.logitech.com/companion/lo...1/bin/imvid.cab[Reg Error: Key does not exist or could not be opened.] ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [HKLM] -> http://fdl.msn.com/public/chat/msnchat45.cab[MSN Chat Control 4.5] ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab[Solitaire Showdown Class] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
TruePass EPF 7,0,100,717 [HKLM] -> https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D5E92D2-0F0B-4FD6-AE91-B10A173FA060} -> (3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) ->
{A5EB3653-8576-43B9-8236-E1D54BDCF212} -> () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
c:\winnt\system32\riwumagu.dll qyzpmv.dll ezntpu.dll c:\winnt\system32\rijilutu.dll -> %SystemRoot%\system32\riwumagu.dll -> File not found
C:\WINNT\system32\wiwifezi.dll c:\winnt\system32\pafijisu.dll -> %SystemRoot%\system32\wiwifezi.dll -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
bcbadfbbed -> %SystemRoot%\system32\bcbadfbbed.dll -> [2009/01/13 20:38:32 | 00,312,847 | ---- | M] ()
NavLogon -> %SystemRoot%\System32\NavLogon.dll -> [2000/09/27 08:50:00 | 00,028,672 | ---- | M] ()
wzcnotif -> %SystemRoot%\system32\wzcdlg.dll -> [2003/06/19 13:05:04 | 00,052,496 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\rijilutu.dll [SSODL] -> [2009/01/16 17:25:36 | 00,100,530 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\rijilutu.dll [STS] -> [2009/01/16 17:25:36 | 00,100,530 | -HS- | M] ()
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zpasspc.dll -> %SystemRoot%\system32\zpasspc.dll -> [1999/10/08 18:22:42 | 00,117,328 | R--- | M] (Microsoft Corporation)
zwebauth.dll -> %SystemRoot%\system32\zwebauth.dll -> [2001/09/18 18:37:34 | 00,016,973 | ---- | M] ()
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe" -> C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe [C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe:*:Enabled:installer] -> File not found
"C:\WINNT\system\rundll32.exe" -> C:\WINNT\system\rundll32.exe [C:\WINNT\system\rundll32.exe:*:Enabled:rundll32] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2003/06/19 13:05:04 | 00,027,984 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\Automatic [] -> %SystemDrive%\Automatic [ FAT32 ] -> [2002/07/31 00:03:06 | 00,000,000 | ---D | M]

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/16/2009 11:04:59 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:06:39 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:14:26 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:26:07 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:26:13 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:28:33 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:28:44 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:29:15 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:33:30 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
Application [ Error ] 1/16/2009 11:33:56 PM Computer Name = DJ7WDN01 | Source = Norton AntiVirus | ID = 16711685 -> Description = Virus Found!Virus name: Trojan.Vundo in File: C:\WINNT\SYSTEM32\qyzpmv.dll by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied
System [ Error ] 1/16/2009 8:09:31 PM Computer Name = DJ7WDN01 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: UdfReadr
System [ Error ] 1/16/2009 8:13:53 PM Computer Name = DJ7WDN01 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Windows Management Instrumentation service to connect.
System [ Error ] 1/16/2009 8:13:56 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1053" attempting to start the service WinMgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 1/16/2009 8:20:47 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 9:27:21 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 9:28:52 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 9:30:22 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 9:31:58 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 10:27:54 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.
System [ Error ] 1/16/2009 10:29:25 PM Computer Name = DJ7WDN01 | Source = DCOM | ID = 10010 -> Description = The server {DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5} did not register with DCOM within the required timeout.

[Files/Folders - Created Within 30 Days]
duweweba.dll -> %SystemRoot%\System32\duweweba.dll -> [2009/01/16 17:26:34 | 00,064,187 | -HS- | C] (SoftComplete Development)
wiwifezi.dll -> %SystemRoot%\System32\wiwifezi.dll -> [2009/01/16 17:26:34 | 00,064,187 | -HS- | C] ()
dijipire.dll -> %SystemRoot%\System32\dijipire.dll -> [2009/01/16 17:26:34 | 00,064,187 | -HS- | C] ()
peyokapu.dll -> %SystemRoot%\System32\peyokapu.dll -> [2009/01/16 17:25:37 | 00,000,000 | -HS- | C] ()
rijilutu.dll -> %SystemRoot%\System32\rijilutu.dll -> [2009/01/16 17:25:33 | 00,100,530 | -HS- | C] ()
ziyewila.dll -> %SystemRoot%\System32\ziyewila.dll -> [2009/01/16 17:25:33 | 00,064,187 | -HS- | C] (SoftComplete Development)
HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> [2009/01/16 17:24:39 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.)
Perflib_Perfdata_25c.dat -> %SystemRoot%\System32\Perflib_Perfdata_25c.dat -> [2009/01/16 17:09:18 | 00,016,384 | ---- | C] ()
kbdhid.sys -> %SystemRoot%\System32\drivers\kbdhid.sys -> [2009/01/16 13:18:52 | 00,013,744 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\drivers\hidusb.sys -> [2009/01/16 13:18:51 | 00,013,904 | ---- | C] (Microsoft Corporation)
evigopiw.ini -> %SystemRoot%\System32\evigopiw.ini -> [2009/01/16 02:25:00 | 01,364,221 | -HS- | C] ()
lupeyoyu.dll -> %SystemRoot%\System32\lupeyoyu.dll -> [2009/01/16 02:24:58 | 00,127,771 | -HS- | C] ()
wipogive.dll -> %SystemRoot%\System32\wipogive.dll -> [2009/01/16 02:24:58 | 00,086,260 | -HS- | C] ()
ezukarib.ini -> %SystemRoot%\System32\ezukarib.ini -> [2009/01/15 14:24:34 | 01,364,221 | -HS- | C] ()
pafijisu.dll -> %SystemRoot%\System32\pafijisu.dll -> [2009/01/15 14:24:32 | 00,127,908 | -HS- | C] ()
rotirufe.dll -> %SystemRoot%\System32\rotirufe.dll -> [2009/01/15 10:23:00 | 00,086,016 | -HS- | C] (SoftComplete Development)
wewusigo.dll -> %SystemRoot%\System32\wewusigo.dll -> [2009/01/15 10:23:00 | 00,068,709 | -HS- | C] ()
azitoher.ini -> %SystemRoot%\System32\azitoher.ini -> [2009/01/14 22:23:32 | 01,354,815 | -HS- | C] ()
Exterminate It! -> %ProgramFiles%\Exterminate It! -> [2009/01/14 20:55:54 | 00,000,000 | ---D | C]
isokibev.ini -> %SystemRoot%\System32\isokibev.ini -> [2009/01/14 01:32:01 | 01,335,039 | -HS- | C] ()
qyzpmv.dll -> %SystemRoot%\System32\qyzpmv.dll -> [2009/01/14 01:32:01 | 00,131,698 | ---- | C] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/01/13 22:04:23 | 00,142,096 | ---- | C] (Trend Micro Inc.)
dakuzuso.dll -> %SystemRoot%\System32\dakuzuso.dll -> [2009/01/13 21:06:52 | 00,006,144 | -HS- | C] ()
Perflib_Perfdata_268.dat -> %SystemRoot%\System32\Perflib_Perfdata_268.dat -> [2009/01/13 20:05:58 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_280.dat -> %SystemRoot%\System32\Perflib_Perfdata_280.dat -> [2008/12/27 00:00:44 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_27c.dat -> %SystemRoot%\System32\Perflib_Perfdata_27c.dat -> [2008/12/26 20:47:51 | 00,016,384 | ---- | C] ()
idoyohom.ini -> %SystemRoot%\System32\idoyohom.ini -> [2008/12/26 17:03:44 | 01,286,005 | -HS- | C] ()
DVD-Cloner VI.lnk -> %UserProfile%\Desktop\DVD-Cloner VI.lnk -> [2008/12/26 16:41:54 | 00,000,459 | ---- | C] ()
Dvd-cloner -> %ProgramFiles%\Dvd-cloner -> [2008/12/26 16:41:46 | 00,000,000 | ---D | C]
Perflib_Perfdata_258.dat -> %SystemRoot%\System32\Perflib_Perfdata_258.dat -> [2008/12/26 16:00:34 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_260.dat -> %SystemRoot%\System32\Perflib_Perfdata_260.dat -> [2008/12/25 12:02:38 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_250.dat -> %SystemRoot%\System32\Perflib_Perfdata_250.dat -> [2008/12/25 02:02:49 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_4c0.dat -> %SystemRoot%\System32\Perflib_Perfdata_4c0.dat -> [2008/12/25 00:15:49 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_254.dat -> %SystemRoot%\System32\Perflib_Perfdata_254.dat -> [2008/12/23 19:12:16 | 00,016,384 | ---- | C] ()
mouhid.sys -> %SystemRoot%\System32\drivers\mouhid.sys -> [2008/12/23 17:28:59 | 00,011,632 | ---- | C] (Microsoft Corporation)
mouhid.sys -> %SystemRoot%\System32\dllcache\mouhid.sys -> [2008/12/23 17:28:59 | 00,011,632 | ---- | C] (Microsoft Corporation)
mouclass.sys -> %SystemRoot%\System32\drivers\mouclass.sys -> [2008/12/23 17:28:49 | 00,021,776 | ---- | C] (Microsoft Corporation)
mouclass.sys -> %SystemRoot%\System32\dllcache\mouclass.sys -> [2008/12/23 17:28:49 | 00,021,776 | ---- | C] (Microsoft Corporation)
DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [2008/12/23 15:58:45 | 00,000,000 | ---D | C]
DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [2008/12/23 15:58:37 | 00,000,471 | ---- | C] ()
DVD Shrink -> %ProgramFiles%\DVD Shrink -> [2008/12/23 15:58:25 | 00,000,000 | ---D | C]
µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [2008/12/23 15:46:21 | 00,000,439 | ---- | C] ()
uTorrent -> %ProgramFiles%\uTorrent -> [2008/12/23 15:46:17 | 00,000,000 | ---D | C]
uTorrent -> %AppData%\uTorrent -> [2008/12/23 15:46:12 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/22 16:05:20 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/22 16:05:20 | 00,000,483 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/22 16:05:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/22 16:05:12 | 00,000,000 | ---D | C]
Perflib_Perfdata_6dc.dat -> %SystemRoot%\System32\Perflib_Perfdata_6dc.dat -> [2008/12/22 15:30:08 | 00,016,384 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [2001/06/14 17:50:48 | 00,000,000 | ---D | M]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2006/10/24 11:52:46 | 00,016,972 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader -> [2003/05/26 06:10:48 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader\qmgr0.dat -> [2008/12/18 00:13:38 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader\qmgr1.dat -> [2008/12/18 00:13:36 | 00,004,617 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [2001/06/14 18:15:10 | 00,000,000 | ---D | M]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2001/06/24 13:53:52 | 00,003,804 | ---- | M] ()
C:\Documents and Settings\Laurita\Local Settings\Temp\ -> C:\Documents and Settings\Laurita\Local Settings\Temp -> [2003/05/25 00:02:56 | 00,000,000 | ---D | M]
msnsearch.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\msnsearch.exe -> [2007/08/31 18:59:02 | 00,228,824 | ---- | M] (Microsoft Corporation)
ytb.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\ytb.exe -> [2008/04/02 15:35:16 | 00,325,656 | ---- | M] (Yahoo! Inc.)
MCCCleanup.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\MCCCleanup.exe -> [2004/01/30 17:08:06 | 00,118,784 | ---- | M] (Motive Communications, Inc.)
matcleanup.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\matcleanup.exe -> [2004/03/16 17:50:02 | 00,016,384 | ---- | M] ()
setup_wm.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\setup_wm.exe -> [2002/12/11 15:08:34 | 00,749,568 | ---- | M] (Microsoft Corporation)
96 C:\Documents and Settings\Laurita\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Laurita\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363 -> [2008/12/24 23:06:08 | 00,000,000 | ---D | M]
ipclog.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\ipclog.exe -> [2008/12/10 07:13:18 | 00,111,912 | ---- | M] (Nero AG)
setupx.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\setupx.exe -> [2008/12/10 07:13:18 | 05,903,656 | ---- | M] (Nero AG)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\unit_app_75\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\unit_app_75 -> [2008/12/24 23:07:50 | 00,000,000 | ---D | M]
Toolbar.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003363\unit_app_75\Toolbar.exe -> [2008/12/11 07:59:42 | 00,483,328 | ---- | M] ()
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399 -> [2008/12/24 22:57:08 | 00,000,000 | ---D | M]
ipclog.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\ipclog.exe -> [2008/12/10 07:13:18 | 00,111,912 | ---- | M] (Nero AG)
setupx.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\setupx.exe -> [2008/12/10 07:13:18 | 05,903,656 | ---- | M] (Nero AG)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_app_75\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_app_75 -> [2008/12/24 23:04:18 | 00,000,000 | ---D | M]
Toolbar.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_app_75\Toolbar.exe -> [2008/12/15 04:16:58 | 00,483,328 | ---- | M] ()
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist -> [2008/12/24 22:57:28 | 00,000,000 | ---D | M]
dxsetup.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist\dxsetup.exe -> [2008/12/15 04:20:24 | 00,472,576 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30 -> [2008/12/24 22:57:26 | 00,000,000 | ---D | M]
DXSETUP.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30\DXSETUP.exe -> [2008/12/15 04:20:40 | 00,484,632 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x64\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x64 -> [2008/12/24 22:57:10 | 00,000,000 | ---D | M]
dotnetfx3_x64.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x64\dotnetfx3_x64.exe -> [2008/12/15 04:18:00 | 94,482,712 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x86\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x86 -> [2008/12/24 22:57:10 | 00,000,000 | ---D | M]
dotnetfx3.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_dotnet-3.0-x86\dotnetfx3.exe -> [2008/12/15 04:18:04 | 52,770,576 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_windows-installer-3.1\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_windows-installer-3.1 -> [2008/12/24 22:57:12 | 00,000,000 | ---D | M]
WindowsInstaller-KB893803-v2-x86.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_windows-installer-3.1\WindowsInstaller-KB893803-v2-x86.exe -> [2008/12/15 04:20:00 | 02,585,872 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046 -> [2008/08/14 15:29:14 | 00,000,000 | ---D | M]
SetupX.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\SetupX.exe -> [2007/04/19 18:10:22 | 01,787,440 | ---- | M] (Nero AG)
C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Redist\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Redist -> [2007/05/15 17:03:16 | 00,000,000 | ---D | M]
WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Redist\WindowsInstaller-KB884016-v2-x86.exe -> [2007/02/09 14:59:26 | 02,003,176 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup -> [2007/05/15 17:03:18 | 00,000,000 | ---D | M]
NeroDelTmp.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\NeroDelTmp.exe -> [2007/04/19 18:10:10 | 01,017,392 | ---- | M] (Nero AG)
UninstallNero.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\UninstallNero.exe -> [2007/04/19 18:10:20 | 01,103,408 | ---- | M] (Nero AG)
C:\Documents and Settings\Laurita\Local Settings\Temp\TELUS\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\TELUS -> [2007/11/24 15:55:14 | 00,000,000 | ---D | M]
eProtect_Setup_6_0.exe -> C:\Documents and Settings\Laurita\Local Settings\Temp\TELUS\eProtect_Setup_6_0.exe -> [2007/09/21 08:40:38 | 35,405,104 | R--- | M] (TELUS)
C:\Documents and Settings\Laurita\Local Settings\Temp\.viv\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\.viv\ -> [2008/04/17 18:48:58 | 00,000,000 | ---D | M]
1208479737393playershim32.9.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\.viv\1208479737393playershim32.9.dll -> [2008/04/17 18:48:58 | 00,032,768 | ---- | M] ()
1208479748078playershim32.9.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\.viv\1208479748078playershim32.9.dll -> [2008/04/17 18:49:10 | 00,032,768 | ---- | M] ()
C:\Documents and Settings\Laurita\Local Settings\Temp\is-A4GID.tmp\_isetup\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\is-A4GID.tmp\_isetup -> [2008/12/22 16:04:58 | 00,000,000 | ---D | M]
_shfoldr.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\is-A4GID.tmp\_isetup\_shfoldr.dll -> [2008/12/22 16:04:58 | 00,023,312 | ---- | M] (Microsoft Corporation)
1 C:\Documents and Settings\Laurita\Local Settings\Temp\is-A4GID.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Laurita\Local Settings\Temp\is-A4GID.tmp\_isetup\*.tmp ->
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist -> [2008/12/24 22:57:28 | 00,000,000 | ---D | M]
DSETUP.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist\DSETUP.dll -> [2008/12/15 04:20:22 | 00,062,976 | ---- | M] (Microsoft Corporation)
dsetup32.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist\dsetup32.dll -> [2008/12/15 04:20:24 | 02,242,560 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30 -> [2008/12/24 22:57:26 | 00,000,000 | ---D | M]
DSETUP.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30\DSETUP.dll -> [2008/12/15 04:20:40 | 00,074,520 | ---- | M] (Microsoft Corporation)
dsetup32.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NERO1003399\unit_tpi_directx-9c-redist-d3dx9-30\dsetup32.dll -> [2008/12/15 04:20:40 | 02,248,984 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\ -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup -> [2007/05/15 17:03:18 | 00,000,000 | ---D | M]
eulaver.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\eulaver.dll -> [2007/03/23 15:46:40 | 00,161,328 | ---- | M] (Nero AG)
NPS.dll -> C:\Documents and Settings\Laurita\Local Settings\Temp\NeroDemo13046\Setup\NPS.dll -> [2007/04/19 18:10:20 | 03,769,904 | ---- | M] (Nero AG)
C:\WINNT\Temp\LG_FW_Update\ -> C:\WINNT\Temp\LG_FW_Update -> [2008/08/14 15:25:54 | 00,000,000 | ---D | M]
Setup.exe -> C:\WINNT\Temp\LG_FW_Update\Setup.exe -> [2000/10/05 02:05:30 | 00,165,888 | R--- | M] (InstallShield Software Corporation)
DelayLaunch.exe -> C:\WINNT\Temp\LG_FW_Update\DelayLaunch.exe -> [2006/11/29 23:10:44 | 00,143,360 | ---- | M] ()
hebinori -> %SystemRoot%\System32\hebinori -> [2009/01/16 20:36:56 | 00,004,100 | -H-- | M] ()
duweweba.dll -> %SystemRoot%\System32\duweweba.dll -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] (SoftComplete Development)
wiwifezi.dll -> %SystemRoot%\System32\wiwifezi.dll -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] ()
dijipire.dll -> %SystemRoot%\System32\dijipire.dll -> [2009/01/16 17:26:36 | 00,064,187 | -HS- | M] ()
peyokapu.dll -> %SystemRoot%\System32\peyokapu.dll -> [2009/01/16 17:25:38 | 00,000,000 | -HS- | M] ()
rijilutu.dll -> %SystemRoot%\System32\rijilutu.dll -> [2009/01/16 17:25:36 | 00,100,530 | -HS- | M] ()
ziyewila.dll -> %SystemRoot%\System32\ziyewila.dll -> [2009/01/16 17:25:36 | 00,064,187 | -HS- | M] (SoftComplete Development)
lgfwup.ini -> %SystemRoot%\lgfwup.ini -> [2009/01/16 17:13:32 | 00,000,289 | ---- | M] ()
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [2009/01/16 17:10:52 | 00,000,245 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/16 17:09:30 | 00,000,006 | -H-- | M] ()
Perflib_Perfdata_25c.dat -> %SystemRoot%\System32\Perflib_Perfdata_25c.dat -> [2009/01/16 17:09:20 | 00,016,384 | ---- | M] ()
evigopiw.ini -> %SystemRoot%\System32\evigopiw.ini -> [2009/01/16 02:25:56 | 01,364,221 | -HS- | M] ()
lupeyoyu.dll -> %SystemRoot%\System32\lupeyoyu.dll -> [2009/01/16 02:25:02 | 00,127,771 | -HS- | M] ()
wipogive.dll -> %SystemRoot%\System32\wipogive.dll -> [2009/01/16 02:25:00 | 00,086,260 | -HS- | M] ()
ezukarib.ini -> %SystemRoot%\System32\ezukarib.ini -> [2009/01/15 14:25:10 | 01,364,221 | -HS- | M] ()
pafijisu.dll -> %SystemRoot%\System32\pafijisu.dll -> [2009/01/15 14:24:36 | 00,127,908 | -HS- | M] ()
rotirufe.dll -> %SystemRoot%\System32\rotirufe.dll -> [2009/01/15 10:23:02 | 00,086,016 | -HS- | M] (SoftComplete Development)
wewusigo.dll -> %SystemRoot%\System32\wewusigo.dll -> [2009/01/15 10:23:02 | 00,068,709 | -HS- | M] ()
azitoher.ini -> %SystemRoot%\System32\azitoher.ini -> [2009/01/14 22:26:12 | 01,354,815 | -HS- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/01/14 07:14:58 | 00,001,385 | ---- | M] ()
isokibev.ini -> %SystemRoot%\System32\isokibev.ini -> [2009/01/14 01:32:14 | 01,335,039 | -HS- | M] ()
qyzpmv.dll -> %SystemRoot%\System32\qyzpmv.dll -> [2009/01/14 01:32:02 | 00,131,698 | ---- | M] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/01/13 22:04:24 | 00,142,096 | ---- | M] (Trend Micro Inc.)
dakuzuso.dll -> %SystemRoot%\System32\dakuzuso.dll -> [2009/01/13 21:06:54 | 00,006,144 | -HS- | M] ()
bcbadfbbed.dll -> %SystemRoot%\System32\bcbadfbbed.dll -> [2009/01/13 20:38:32 | 00,312,847 | ---- | M] ()
Perflib_Perfdata_268.dat -> %SystemRoot%\System32\Perflib_Perfdata_268.dat -> [2009/01/13 20:06:00 | 00,016,384 | ---- | M] ()
virus bleepe.doc -> %UserProfile%\Desktop\virus bleepe.doc -> [2008/12/27 06:27:50 | 00,049,152 | ---- | M] ()
Perflib_Perfdata_280.dat -> %SystemRoot%\System32\Perflib_Perfdata_280.dat -> [2008/12/27 00:00:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_27c.dat -> %SystemRoot%\System32\Perflib_Perfdata_27c.dat -> [2008/12/26 20:47:52 | 00,016,384 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/26 19:28:58 | 00,000,483 | ---- | M] ()
idoyohom.ini -> %SystemRoot%\System32\idoyohom.ini -> [2008/12/26 17:03:50 | 01,286,005 | -HS- | M] ()
DVD-Cloner VI.lnk -> %UserProfile%\Desktop\DVD-Cloner VI.lnk -> [2008/12/26 16:41:56 | 00,000,459 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/26 16:13:50 | 00,000,069 | ---- | M] ()
Perflib_Perfdata_258.dat -> %SystemRoot%\System32\Perflib_Perfdata_258.dat -> [2008/12/26 16:00:36 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_260.dat -> %SystemRoot%\System32\Perflib_Perfdata_260.dat -> [2008/12/25 12:02:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_250.dat -> %SystemRoot%\System32\Perflib_Perfdata_250.dat -> [2008/12/25 02:02:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4c0.dat -> %SystemRoot%\System32\Perflib_Perfdata_4c0.dat -> [2008/12/25 00:15:50 | 00,016,384 | ---- | M] ()
Nero Online Upgrade.lnk -> %AllUsersProfile%\Desktop\Nero Online Upgrade.lnk -> [2008/12/24 20:16:42 | 00,001,614 | ---- | M] ()
Nero StartSmart Essentials.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart Essentials.lnk -> [2008/12/24 01:07:50 | 00,002,090 | ---- | M] ()
SecurDisc Viewer.lnk -> %AllUsersProfile%\Desktop\SecurDisc Viewer.lnk -> [2008/12/24 01:01:18 | 00,001,758 | ---- | M] ()
CyberLink DVD Suite.lnk -> %AllUsersProfile%\Desktop\CyberLink DVD Suite.lnk -> [2008/12/24 00:55:40 | 00,001,482 | ---- | M] ()
Perflib_Perfdata_254.dat -> %SystemRoot%\System32\Perflib_Perfdata_254.dat -> [2008/12/23 19:12:18 | 00,016,384 | ---- | M] ()
DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [2008/12/23 15:58:38 | 00,000,471 | ---- | M] ()
µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [2008/12/23 15:46:22 | 00,000,439 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/22 15:30:12 | 00,000,284 | ---- | M] ()
Perflib_Perfdata_6dc.dat -> %SystemRoot%\System32\Perflib_Perfdata_6dc.dat -> [2008/12/22 15:30:10 | 00,016,384 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/21 20:50:40 | 00,054,156 | -H-- | M] ()
winamp.ini -> %SystemRoot%\winamp.ini -> [2008/12/18 00:09:16 | 00,001,125 | ---- | M] ()
< End of report >
[/code]

#2 fenzodahl512
  • Members
  • 6,738 posts

Posted 17 January 2009 - 06:45 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 hannah9 (Topic Starter)
  • Members
  • 23 posts

Posted 17 January 2009 - 10:22 AM

Thanks for your reply.

I would LOVE to run Malwarebytes, but as mentioned in my original post, I have it but CANNOT run it, nor can I uninstall it to re-install and then possibly run it. NOT EVEN in SAFE MODE. I will try and play with it yet some more and see if re-installing it (over itself?) will work. I should also have mentioned that I have MS Juan in the mix. The PC is becoming unusable. Last night it launched a series of IE browsers while I was doing something else and when I got back to it there were 56 browser windows open. I keep it disconnected from the Internet. Will struggle some more with this and be back with any logs I can get.

#4 fenzodahl512
  • Members
  • 6,738 posts

Posted 17 January 2009 - 03:05 PM

Ok.. Lets do this then.. :thumbup2:


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Screenshots of the rename step]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..



#5 hannah9 (Topic Starter)
  • Members
  • 23 posts

Posted 19 January 2009 - 02:05 AM

Thanks for your response.

Ok, I ran Combofix.
A couple of questions:

Just before it rebooted there was a message that popped up saying I am low on registry space.
After it restarted after reboot there were a number of lines displayed in the combofix window, I can't recall what they said but they referred to registry keys that could not be found or something like that. It was the same line displayed repeatedly about 20x.
I noted in the combofix log that it says there are no new files that were created in the last month. This is absolutely not correct.
It also said there were no hidden files found.
I also noted in the log at the beginning, it said I have no System Restore installed. How do I remedy that?

Since I was afraid to do anything with the internet/browsers on the PC I saved the combofix log to my portable HD; however when I looked for the logfile it wasn't there..... :)

So....

Since I had previously manually deleted all the MBAM files I could because the uninstall would not work, I have now re-installed Malwarebytes since it appears CF has killed off whatever was preventing that. I am running a full scan of both the PC HD and the portable HD (since I am now paranoid :thumbup2: ). Will post the log when it's done.

#6 hannah9 (Topic Starter)
  • Members
  • 23 posts

Posted 20 January 2009 - 01:06 AM

Well I ran MBAM. Only problem is, I was scanning PC HD as well as portable HD and it took so long (portable HD has thousands of music files) that I had to leave it running when I left for the office, and a Windows Update came in and shut down PC and the MBAM logfile didn't get saved.

Here are the things I did next, in order. Please note the only one of these following scans that deleted anything was MBAM. The rest I ran for information only:

I ran MBAM again, on the PC. Here is the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1668
Windows 5.0.2195 Service Pack 4

2009-01-19 19:33:26
mbam-log-2009-01-19 (19-33-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115219
Time elapsed: 34 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (Trojan.Istbar) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\SYSTEM32\9008d6f802d0c2c4d4d9b60f3a312c49.TMP (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\qyzpmv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.


I rebooted.

I then ran Hijackthis because now that most of the virus is off the machine I can run it:
I just got a message from this board saying my version of HJT is old. I will rerun that now and post the new log but I didn't want to lose the rest of this post.


I also found some of the logfiles that had been generated by Combofix and in here is the quarantine list:

1980-01-01 00:00:00 A------- 5,296 C:\Qoobox\Quarantine\C\WINNT\WEB\DEFAULT.HTT.vir
1994-09-02 17:01:28 A------- 32,596 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\instsrv.exe.vir
2001-12-02 18:53:52 A------- 71,806 C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.exe.vir
2002-09-29 14:29:19 A------- 275 C:\Qoobox\Quarantine\C\WINNT\readme.txt.vir
2002-10-28 21:30:52 A------- 1,055 C:\Qoobox\Quarantine\C\WINNT\IE4 Error Log.txt.vir
2003-11-12 13:03:11 A------- 61,860 C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
2007-03-03 04:30:12 A------- 312,847 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\bcbadfbbed.dll.vir
2008-11-29 21:00:30 A------- 810 C:\Qoobox\Quarantine\C\log.udt.vir
2008-12-26 17:03:44 A------- 1,286,005 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\idoyohom.ini.vir
2009-01-13 21:06:52 A------- 6,144 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\dakuzuso.dll.vir
2009-01-13 21:07:53 A------- 64,195 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\puyekari.dll.tmp.vir
2009-01-13 21:07:53 A------- 64,195 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\soziredo.dll.tmp.vir
2009-01-13 21:07:53 A------- 64,195 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\zajifali.dll.tmp.vir
2009-01-14 01:32:01 A------- 131,698 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\qyzpmv.dll.vir
2009-01-14 01:32:01 A------- 1,335,039 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\isokibev.ini.vir
2009-01-14 22:23:32 A------- 1,354,815 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\azitoher.ini.vir
2009-01-15 10:23:00 A------- 68,709 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\wewusigo.dll.vir
2009-01-15 10:23:00 A------- 86,016 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\rotirufe.dll.vir
2009-01-15 14:24:34 A------- 1,364,221 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\ezukarib.ini.vir
2009-01-16 02:24:58 A------- 86,260 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\wipogive.dll.vir
2009-01-16 02:25:00 A------- 1,364,221 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\evigopiw.ini.vir
2009-01-16 17:25:33 A------- 64,187 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\ziyewila.dll.vir
2009-01-16 17:25:33 A------- 100,530 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\rijilutu.dll.vir
2009-01-16 17:25:37 A------- 0 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\peyokapu.dll.vir
2009-01-16 17:26:34 A------- 64,187 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\dijipire.dll.vir
2009-01-16 17:26:34 A------- 64,187 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\duweweba.dll.vir
2009-01-16 17:26:34 A------- 64,187 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\wiwifezi.dll.vir
2009-01-18 16:33:00 A------- 230 C:\Qoobox\Quarantine\catchme.log
2009-01-18 16:36:38 A------- 244,779 C:\Qoobox\Quarantine\C\WINNT\SYSTEM32\_bcbadfbbed_.dll.zip
2009-01-18 16:37:19 A------- 8,514 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-18 16:37:35 A------- 790 C:\Qoobox\Quarantine\Registry_backups\Legacy_ZESOFT.reg.dat
2009-01-18 16:48:16 A------- 201 C:\Qoobox\Quarantine\Registry_backups\BHO-{63166905-ce30-4af9-944b-6312c2b96105}.reg.dat
2009-01-18 16:48:16 A------- 372 C:\Qoobox\Quarantine\Registry_backups\BHO-{112df4bd-cb24-44b2-9198-915b984e522e}.reg.dat
2009-01-18 16:48:18 A------- 171 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E6AE90A4-1B01-47F0-AA78-E6B122E145E9}.reg.dat



Things are much better, but all is not clear.

I then did a search of all files added in the last day and noted this suspicious file:
C:\WINNT\SYSTEM32\hebinori
this was not detected by any of the scans I did (MBAM, HJT or SpyNoMore) and today is the first time I have seen this one.

I then ran SNM and it shows:

HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (this has been around for a long time and I cannot delete registry key)


HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar\Historyfiles (this has been around for a long time and cannot delete registry key)


C:\WINNT\Downloaded Program Files\activeinstall.inf
C:\WINNT\Downloaded Program Files\installer.inf (If I browse this folder I do not see these files. They have been around and showing up on these scans for quite a while (at least a month).)


HKEY_CURRENT_USER\software\wget (SNM classifies this as Trojan/Bifrost). This is new today.


Please advise what my next steps should be. Your help is greatly appreciated.

#7 hannah9 (Topic Starter)
  • Members
  • 23 posts

Posted 20 January 2009 - 01:37 AM

I got brash and DL'd HJT directly to the pc and attempted to post using Firefox. I got redirected 3 times :thumbup2: .

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34, on 2009-01-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINNT\system32\lxdicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Dell\Solution Center\Service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ht\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\WINNT\system32\vumer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
O12 - Plugin for .htm&ARIReportName=GSAMReport&ARIAgentReportRunName=GS018&Title=Alberta^System^Daily^Customer^Reports&ReportRunID=5385408&ReportFormat=pdf&ARIActionType=View: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/c...n/bin/cabsa.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://gmsweb.alliance-pipeline.com/viewer...tivexviewer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINNT\system32\lxdicoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\2004_11_06\119-1907a_IMG.JPG
O24 - Desktop Component 1: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\111-1121_IMG.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Laurita\My Documents\My Pictures\110-1041_IMG.JPG

--
End of file - 10490 bytes

#8 fenzodahl512
  • Members
  • 6,738 posts

Posted 20 January 2009 - 07:42 AM

Do below please...


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it, and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 hannah9

hannah9
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 20 January 2009 - 09:23 AM

RSIT ran but appeared to hang at the end. It did create the logfiles which I found in its folder:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Laurita at 2009-01-20 07:04:20
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 19 GB (49%) free of 38 GB
Total RAM: 255 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:04, on 2009-01-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINNT\system32\lxdicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Dell\Solution Center\Service.exe
C:\Documents and Settings\Laurita\Desktop\RSIT.exe
C:\ht\Laurita.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\WINNT\system32\vumer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
O12 - Plugin for .htm&ARIReportName=GSAMReport&ARIAgentReportRunName=GS018&Title=Alberta^System^Daily^Customer^Reports&ReportRunID=5385408&ReportFormat=pdf&ARIActionType=View: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/c...n/bin/cabsa.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://gmsweb.alliance-pipeline.com/viewer...tivexviewer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINNT\system32\lxdicoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\2004_11_06\119-1907a_IMG.JPG
O24 - Desktop Component 1: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\111-1121_IMG.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Laurita\My Documents\My Pictures\110-1041_IMG.JPG

--
End of file - 10395 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job
C:\WINNT\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
DDSMEkl - C:\WINNT\system32\vumer.dll [2003-08-01 199696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-10-06 5058560]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2000-09-21 126976]
"LoadQM"=C:\WINNT\loadqm.exe [2000-05-03 7536]
"vptray"=C:\PROGRA~1\NavNT\vptray.exe [2000-09-27 53248]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-28 180269]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe [2008-12-09 1064400]
"Logitech Utility"=C:\WINNT\Logi_MwX.Exe [2003-12-17 19968]
"TELUS_eCare_Lite_McciTrayApp"=C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe [2007-01-24 1007720]
"lxdimon.exe"=C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-07-16 434864]
"lxdiamon"=C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-07-16 25264]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-27 548864]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Service.lnk - C:\Program Files\Dell\Solution Center\Service.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINNT\System32\NavLogon.dll [2000-09-27 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINNT\system32\wiwifezi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zpasspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINNT\system\rundll32.exe"="C:\WINNT\system\rundll32.exe:*:Enabled:rundll32"
"C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe"="C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe:*:Enabled:installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-20 07:04:20 ----D---- C:\rsit
2009-01-19 23:33:20 ----D---- C:\ht
2009-01-19 15:03:22 ----HD---- C:\WINNT\$NtUninstallKB958687$
2009-01-19 15:00:17 ----A---- C:\WINNT\system32\MRT.exe
2009-01-18 16:50:03 ----D---- C:\WINNT\temp
2009-01-18 16:49:54 ----A---- C:\ComboFix.txt
2009-01-18 16:33:04 ----A---- C:\WINNT\zip.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\VFIND.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWXCACLS.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWSC.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWREG.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\sed.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\NIRCMD.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\grep.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\fdsv.exe
2009-01-18 16:33:00 ----D---- C:\WINNT\ERDNT
2009-01-18 16:33:00 ----D---- C:\Qoobox
2009-01-18 16:33:00 ----D---- C:\Combo-Fix
2009-01-16 02:24:58 ----ASH---- C:\WINNT\system32\lupeyoyu.dll
2009-01-15 14:24:32 ----ASH---- C:\WINNT\system32\pafijisu.dll
2009-01-14 20:55:54 ----D---- C:\Program Files\Exterminate It!
2008-12-26 16:41:46 ----D---- C:\Program Files\Dvd-cloner
2008-12-23 15:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-23 15:58:25 ----D---- C:\Program Files\DVD Shrink
2008-12-23 15:46:17 ----D---- C:\Program Files\uTorrent
2008-12-23 15:46:12 ----D---- C:\Documents and Settings\Laurita\Application Data\uTorrent
2008-12-22 16:05:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 00:10:01 ----HD---- C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$
2008-12-17 02:52:05 ----D---- C:\Program Files\Trend Micro
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\javaws.exe
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\javaw.exe
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-13 00:27:04 ----A---- C:\WINNT\system32\java.exe
2008-12-12 15:02:11 ----HD---- C:\WINNT\$NtUninstallKB952069_WM71$
2008-12-12 15:01:47 ----HD---- C:\WINNT\$NtUninstallKB954600_WM41$
2008-12-12 15:01:18 ----HD---- C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$
2008-12-12 15:00:45 ----HD---- C:\WINNT\$NtUninstallKB956802$
2008-12-10 23:03:00 ----A---- C:\WINNT\system32\MSHTML.DLL
2008-12-01 13:00:44 ----D---- C:\BroadJump
2008-11-30 11:56:24 ----D---- C:\Documents and Settings\Laurita\Application Data\Malwarebytes
2008-11-30 11:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 22:58:23 ----D---- C:\Program Files\MSN Toolbar
2008-11-14 10:52:30 ----HD---- C:\WINNT\$NtUninstallKB955069$
2008-11-14 10:45:30 ----HD---- C:\WINNT\$NtUninstallKB957097$
2008-10-24 18:34:04 ----HD---- C:\WINNT\$NtUninstallKB958644$
2008-10-22 22:27:42 ----A---- C:\WINNT\system32\GDI32.DLL

======List of files/folders modified in the last 3 months======

2009-01-20 01:51:34 ----A---- C:\WINNT\Msiosd.ini
2009-01-19 21:55:08 ----A---- C:\WINNT\lgfwup.ini
2009-01-18 16:41:14 ----A---- C:\WINNT\system.ini
2009-01-18 16:34:18 ----A---- C:\WINNT\ntbtlog.txt
2009-01-18 15:45:38 ----A---- C:\WINNT\SCHEDLGU.TXT
2008-12-26 16:13:50 ----A---- C:\WINNT\NeroDigital.ini
2008-12-18 00:10:20 ----A---- C:\WINNT\imsins.BAK
2008-12-18 00:09:16 ----A---- C:\WINNT\winamp.ini
2008-11-16 11:15:28 ----A---- C:\WINNT\system32\DFRG.MSC
2008-11-13 10:40:14 ----A---- C:\WINNT\ModemLog_U.S. Robotics 56K Voice PCI.txt
2008-11-07 18:32:20 ----A---- C:\WINNT\system32\WMVCore.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmosa;cmosa; C:\WINNT\System32\DRIVERS\cmosa.sys [2000-10-06 29344]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINNT\System32\DRIVERS\msikbd2k.sys [2000-06-06 6883]
R2 NAVAPEL;NAVAPEL; \??\C:\PROGRA~1\NavNT\NAVAPEL.SYS []
R2 Secdrv;Secdrv; \??\C:\WINNT\System32\drivers\SECDRV.SYS []
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINNT\System32\DRIVERS\el90Xbc5.SYS [2001-03-27 67317]
R3 es1371mp;SB AudioPCI 64V Audio Driver (WDM); C:\WINNT\system32\drivers\es1371mp.sys [1999-12-23 42623]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINNT\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINNT\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINNT\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 MTsensor;MTsensor; C:\WINNT\System32\DRIVERS\MTsensor.sys [2000-10-06 14392]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
R4 InCDfs;InCD File System; C:\WINNT\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2003-08-16 58000]
S1 InCDPass;InCDPass; C:\WINNT\system32\drivers\InCDPass.sys [2007-05-15 37040]
S1 incdrm;InCD Reader; C:\WINNT\system32\drivers\InCDRm.sys [2007-05-15 38576]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2000-07-26 13744]
S1 UdfReadr;UdfReadr; C:\WINNT\system32\drivers\UdfReadr.sys [2001-06-27 213248]
S2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys []
S2 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-26 22089]
S2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2000-07-26 13904]
S2 tcaicchg;tcaicchg; \??\C:\WINNT\System32\tcaicchg.sys []
S3 ccdecode;Closed Caption Decoder; C:\WINNT\system32\drivers\ccdecode.sys [2004-07-09 16384]
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
S3 ichaud;Service for AC'97 Driver (WDM); C:\WINNT\system32\drivers\ichaud.sys [1999-10-22 32592]
S3 icm10blk;Intel® PC Camera CS630 Image Storage; C:\WINNT\system32\DRIVERS\icm10blk.sys [2001-10-05 14182]
S3 ICM10USB;Intel® PC Camera CS630; C:\WINNT\System32\Drivers\ICM10USB.sys [2001-10-05 420870]
S3 IKStream;Intel Streaming Filter For Kernel Streaming Audio Access; C:\WINNT\system32\drivers\IKStream.sys [2000-10-13 54428]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINNT\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
S3 QCMerced;Logitech QuickCam Express; C:\WINNT\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYFILT;Sony USBSTOR.SYS Filter; C:\WINNT\System32\Drivers\SonyUSBF.sys [2004-01-14 4480]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [1999-10-12 68912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINNT\system32\DRIVERS\w810bus.sys [2007-09-07 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINNT\system32\DRIVERS\w810mdfl.sys [2007-09-07 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINNT\system32\DRIVERS\w810mdm.sys [2007-09-07 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINNT\system32\DRIVERS\w810mgmt.sys [2007-09-07 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINNT\system32\DRIVERS\w810obex.sys [2007-09-07 83344]
S3 WDM_INAEC;Intel Native Acoustic Echo Canceller; C:\WINNT\system32\drivers\aecshell.sys [2001-02-21 169056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2000-07-26 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2000-09-27 32768]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 Intel File Transfer;Intel File Transfer; C:\WINNT\system32\cba\xfr.exe [2000-09-18 11264]
R2 Intel PDS;Intel PDS; C:\WINNT\system32\cba\pds.exe [2000-09-18 18432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 lxdi_device;lxdi_device; C:\WINNT\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\WINNT\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 28672]
R2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2000-09-27 430080]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2003-10-06 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\System32\mspmspsv.exe [2002-05-16 57344]
S2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 SBHookSvc;SBHookSvc; C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe []
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2000-07-26 7952]

-----------------EOF-----------------


Info file from RSIT:

info.txt logfile of random's system information tool 1.05 2009-01-20 07:04:27

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
-->C:\WINNT\NuNInst.exe /UNINSTALL
-->C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpfull.inf,WebPostUninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A7F3E74-1C63-45DE-BD6E-C7F05DD6BFB3}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adaptec Easy CD Creator 4-->"C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINNT\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINNT\SYSTEM32\MACROMED\SHOCKW~2\Install.log
AOL Instant Messenger-->C:\Program Files\uninstll.exe -LOG= C:\Program Files\install.log -OEM=
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AusLogics BoostSpeed-->"C:\Program Files\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe"
BroadJump Client Foundation-->C:\WINNT\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Digital Camera USB TWAIN Driver-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\DC USB TWAIN\Uninst.isu" -c"C:\Program Files\Canon\DC USB TWAIN\SetupTwn.dll"
ChainCast Proxy (remove only)-->rundll32 C:\WINNT\System32\ccmp392.dll,UninstallProxy
COWON Media Center - jetAudio Plus VX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellTouch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DirectShow Filters-->"C:\WINNT\DSFUninstall.exe"
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Codec 3.1alpha release-->C:\WINNT\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINNT\INF\DivX.inf
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVD-CLONER V6.00 Build 978-->"C:\Program Files\Dvd-cloner\unins000.exe"
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FLV Player-->"C:\WINNT\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life-->C:\WINNT\IsUninst.exe -fc:\games\SIERRA\Half-Life\Uninst.isu -c"c:\games\SIERRA\Half-Life\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\DOCUME~1\Laurita\LOCALS~1\Temp\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB911562)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB911562-x86-ENU$\spuninst\spuninst.exe"
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)-->C:\WINNT\system32\msiexec.exe /package {B508B3F1-A24A-32C0-B310-85786919EF28} /uninstall {293258CB-8737-4DF9-AC7B-93B7997F1828} /qb+ REBOOTPROMPT=""
Intel Ultra ATA Storage Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\setup.exe" -INTELUNINST
Internet Explorer Q903235-->C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kazaa Media Desktop 2.0-->RunDll32 C:\WINNT\System32\cd_clint.dll,ServiceRunDll u_291 "{CA12BF7C-9C4C-4755-8380-AA1FFFA60BCA}"
Legalize it-->C:\Program Files\PhotoOp\Legalize it\Setup.exe
Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus!-->"C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /Uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB947742)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M947742\M947742Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player-->MsiExec.exe /I{EA470D3B-058E-4772-B020-3C8C1F652A2E}
Mp3nity 1.3.001-->"C:\Program Files\Mp3nity\unins000.exe"
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSN Toolbar-->C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\mtbs.exe c
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
NVIDIA Display Driver-->C:\WINNT\system32\nvudisp.exe Uninstall C:\WINNT\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINNT\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenMG Secure Module 4.3.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Desktop Connection-->MsiExec.exe /X{3E713D52-C967-41FB-AA24-3A92CC1025A4}
Replay Converter 2.8-->C:\WINNT\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
Replay Media Catcher-->"C:\WINNT\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player
SecurDisc Viewer-->MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}
Security Update for DirectX 9 (KB941568)-->"C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM71$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB954600)-->"C:\WINNT\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Solution Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}\setup.exe"
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SpyNoMore 2.56-->C:\Program Files\SpyNoMore\uninst.exe
Star Wars JK II Jedi Outcast Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD1513FC-273F-4744-8934-A6E5B1741E98}\Setup.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sven Co-op 3.0-->C:\WINNT\unvise32.exe c:\program files\steam\steamapps\psyentist420@hotmail.com\half-life\SvenCoop\uninstal.log
TELUS Security & Privacy-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B544F669-B04B-45B7-B449-30E273712FCC}
The Electronic Piercing Guide '98-->C:\WINNT\ST5UNST.EXE -n "c:\Ally\Stuf\ST5UNST.LOG"
TweakNow RegCleaner-->"C:\Program Files\TweakNow RegCleaner\unins000.exe"
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows 2000 Hotfix - KB834707-->C:\WINNT\$NtUninstallKB834707-IE6SP1-20040929.091901$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB867282-->C:\WINNT\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB883939-->"C:\WINNT\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB889293-->C:\WINNT\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB890046-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB890923-->"C:\WINNT\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB894320-->"C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896424-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896688-->"C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896727-->"C:\WINNT\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB897715-->"C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899588-->"C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB902400-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB904368-->"C:\WINNT\$NtUninstallKB904368$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905915-->"C:\WINNT\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908523-->"C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911567-->"C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912812-->"C:\WINNT\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912919-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB916281-->"C:\WINNT\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917159-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918899-->"C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920958-->"C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921503-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921883-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922616-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922760-->"C:\WINNT\$NtUninstallKB922760-IE6SP1-20061018.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925454-->"C:\WINNT\$NtUninstallKB925454-IE6SP1-20061116.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"C:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928090-->"C:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931768-->"C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933566-->"C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB936021-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937143-->"C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938127-->"C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938829-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB939653-->"C:\WINNT\$NtUninstallKB939653-IE6SP1-20070817.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941202-->"C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941644-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941693-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB942615-->"C:\WINNT\$NtUninstallKB942615-IE6SP1-20071029.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944533-->"C:\WINNT\$NtUninstallKB944533-IE6SP1-20071210.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB947864-->"C:\WINNT\$NtUninstallKB947864-IE6SP1-20080215.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948881-->"C:\WINNT\$NtUninstallKB948881-IE6SP1-20080313.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950759-->"C:\WINNT\$NtUninstallKB950759-IE6SP1-20080418.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950760-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953838-->"C:\WINNT\$NtUninstallKB953838-IE6SP1-20080620.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953839-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB954211-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB955069-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956390-->"C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956391-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956802-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957095-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957097-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958215-->"C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120

#10 hannah9

hannah9
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 20 January 2009 - 09:27 AM

GMER log attached


#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:51 PM

Posted 21 January 2009 - 05:30 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINNT\system32\vumer.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.





NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINNT\system32\wiwifezi.dll
    C:\WINNT\system32\lupeyoyu.dll
    C:\WINNT\system32\pafijisu.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. VirScan.org result
3. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
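The :reg step in the script above writes the LSA "Notification Packages" value back as hex(7):73,63,65,63,6c,69,00,00. This Python is an added example, not code from the post or from OTMoveIt3: it decodes that hex(7) notation into the string list it stands for, re-encodes a list the same way, parses the :reg block, and flags any entry outside a baseline. Assumptions: the baseline {'scecli'} is simply the value the fix writes; the tampered value is a constructed sample; bytes are taken as one per character, as in the notation on the page (a Unicode regedit export would use two and is not handled).

```python
"""Decode and audit a REG_MULTI_SZ value written in .reg / OTMoveIt3 ':reg' syntax."""
from __future__ import annotations

import re

# 'hex(7):' marks a REG_MULTI_SZ whose raw bytes follow as comma-separated hex.
HEX7_RE = re.compile(r'^hex\(7\):\s*(.*)$', re.IGNORECASE | re.DOTALL)
# A ':reg' value line such as  "Notification Packages"=hex(7):73,63,...
VALUE_LINE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

LSA_KEY = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
# Baseline assumed from the value the fix writes back: only 'scecli'.
BASELINE_NOTIFICATION_PACKAGES = {'scecli'}


def decode_hex7(data: str) -> list[str]:
    """Turn 'hex(7):73,63,65,63,6c,69,00,00' into ['scecli'].

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL.
    Backslash line continuations that long exports use are joined first.
    """
    m = HEX7_RE.match(data.strip())
    if not m:
        raise ValueError(f'not a hex(7) value: {data!r}')
    body = re.sub(r'\\\s*', '', m.group(1))          # join wrapped lines
    raw = bytes(int(tok, 16) for tok in body.split(',') if tok.strip())
    # The trailing double NUL produces empty strings; drop them.
    return [s for s in raw.decode('latin-1').split('\x00') if s]


def encode_hex7(entries: list[str]) -> str:
    """Inverse of decode_hex7: ['scecli'] -> 'hex(7):73,63,65,63,6c,69,00,00'."""
    raw = b''.join(s.encode('latin-1') + b'\x00' for s in entries) + b'\x00'
    return 'hex(7):' + ','.join(f'{b:02x}' for b in raw)


def parse_reg_block(block: str) -> dict[str, dict[str, str]]:
    """Parse a ':reg' section: [key] headers followed by "name"=data lines."""
    result: dict[str, dict[str, str]] = {}
    key = None
    for line in block.splitlines():
        line = line.strip()
        if not line or line.startswith(':'):          # blank or ':reg' header
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        m = VALUE_LINE_RE.match(line)
        if m and key is not None:
            result[key][m.group('name')] = m.group('data')
    return result


def audit_notification_packages(entries: list[str],
                                baseline: set[str] = BASELINE_NOTIFICATION_PACKAGES) -> list[str]:
    """Return entries not in the baseline.

    Every name here is loaded into lsass.exe at boot as a password-filter DLL,
    so anything beyond the expected set is worth examining.
    """
    allowed = {b.lower() for b in baseline}
    return [e for e in entries if e.lower() not in allowed]


# The ':reg' section exactly as it appears in the OTMoveIt3 script above.
SCRIPT_REG_BLOCK = '''
:reg
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

# Constructed sample, NOT from the page: the baseline entry followed by a
# second DLL name ('suspect'), the shape a tampered value would take.
TAMPERED_SAMPLE = 'hex(7):73,63,65,63,6c,69,00,73,75,73,70,65,63,74,00,00'


def main() -> None:
    values = parse_reg_block(SCRIPT_REG_BLOCK)
    fixed = decode_hex7(values[LSA_KEY]['Notification Packages'])
    print('value the fix writes :', fixed)
    print('round-trip           :', encode_hex7(fixed))
    tampered = decode_hex7(TAMPERED_SAMPLE)
    print('constructed sample   :', tampered)
    print('unexpected entries   :', audit_notification_packages(tampered))


if __name__ == '__main__':
    main()
```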


#12 hannah9

hannah9
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 22 January 2009 - 12:28 PM

Thanks for your reply. I am working very long hours this week so couldn't get to this last night. Will make every effort tonight.

Thanks again

#13 hannah9

hannah9
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 23 January 2009 - 12:56 AM

OTScan MoveIt Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINNT\system32\wiwifezi.dll not found.
DllUnregisterServer procedure not found in C:\WINNT\system32\lupeyoyu.dll
C:\WINNT\system32\lupeyoyu.dll NOT unregistered.
File move failed. C:\WINNT\system32\lupeyoyu.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINNT\system32\pafijisu.dll
C:\WINNT\system32\pafijisu.dll NOT unregistered.
File move failed. C:\WINNT\system32\pafijisu.dll scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01222009_222937

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINNT\system32\lupeyoyu.dll
C:\WINNT\system32\lupeyoyu.dll NOT unregistered.
File move failed. C:\WINNT\system32\lupeyoyu.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINNT\system32\pafijisu.dll
C:\WINNT\system32\pafijisu.dll NOT unregistered.
File move failed. C:\WINNT\system32\pafijisu.dll scheduled to be moved on reboot.


Viruscan Log:

VirSCAN.org Scanned Report :
Scanned time : 2009/01/22 22:11:40 (MST)
Scanner results: 8% Scanner(3/37) found malware!
File Name : vumer.dll
File Size : 199696 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d5aef9e71a412f1b76768261671e938e
SHA1 : e070df9c2ca4a8d804b8320e87cc5989917d5810
Online report : http://virscan.org/report/7f360440931d2633...c93214c243.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20090123122922 2009-01-23 3.69 AdWare.Win32.BHO!IK
AhnLab V3 2009.01.23.00 2009.01.23 2009-01-23 1.75 -
AntiVir 7.9.0.60 7.1.1.168 2009-01-22 1.84 ADSPY/Bho.199696
Antiy 2.0.18 20090118.2063925 2009-01-18 0.02 -
Authentium 5.1.1 200901212119 2009-01-21 1.11 -
AVAST! 3.0.1 090122-0 2009-01-22 67.61 -
AVG 7.5.52.442 270.10.12/1909 2009-01-22 1.87 -
BitDefender 7.81008.2578090 7.23278 2009-01-23 2.38 -
CA (VET) 9.0.0.143 31.6.6322 2009-01-23 3.52 -
ClamAV 0.94.2 8893 2009-01-23 0.04 -
Comodo 3.0 942 2009-01-22 0.88 -
CP Secure 1.1.0.715 2009.01.23 2009-01-23 6.78 -
Dr.Web 4.44.0.9170 2009.01.23 2009-01-23 3.89 -
F-Prot 4.4.4.56 20090122 2009-01-22 1.10 -
F-Secure 5.51.6100 2009.01.23.01 2009-01-23 4.34 -
Fortinet 2.81-3.117 9.936 2009-01-22 0.17 -
GData 19.2555/19.195 20090122 2009-01-22 3.13 -
ViRobot 20090122 2009.01.22 2009-01-22 0.40 -
Ikarus T3.1.01.45 2009.01.23.72195 2009-01-23 3.68 AdWare.Win32.BHO
JiangMin 11.0.706 2009.01.21 2009-01-21 1.42 -
Kaspersky 5.5.10 2009.01.22 2009-01-22 0.06 -
KingSoft 2008.9.8.18 2009.1.23.9 2009-01-23 0.68 -
McAfee 5.3.00 5502 2009-01-21 2.94 -
Microsoft 1.4205 2009.01.22 2009-01-22 6.54 -
mks_vir 2.01 2009.01.22 2009-01-22 2.67 -
Norman 5.93.01 5.93.00 2009-01-20 6.58 -
Panda 9.05.01 2009.01.22 2009-01-22 2.68 -
Trend Micro 8.700-1004 5.786.03 2009-01-22 0.03 -
Quick Heal 10.00 2009.01.23 2009-01-23 2.15 -
Rising 20.0 21.13.32.00 2009-01-22 1.45 -
Sophos 2.82.1 4.37 2009-01-23 2.39 -
Sunbelt 4756 4756 2009-01-08 0.14 -
Symantec 1.3.0.24 20090121.003 2009-01-21 0.05 -
nProtect 20090122.01 3017096 2009-01-22 3.70 -
The Hacker 6.3.1.5 v00225 2009-01-21 0.52 -
VBA32 3.12.8.11 20090122.1128 2009-01-22 1.58 -
VirusBuster 4.5.11.10 10.100.35/762874 2009-01-22 1.01 -

RSIT Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Laurita at 2009-01-22 22:43:41
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 19 GB (49%) free of 38 GB
Total RAM: 255 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43, on 2009-01-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINNT\system32\lxdicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Dell\Solution Center\Service.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Laurita\Desktop\RSIT.exe
C:\ht\Laurita.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\WINNT\system32\vumer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM04e2353d] Rundll32.exe "c:\winnt\system32\lupeyoyu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
O12 - Plugin for .htm&ARIReportName=GSAMReport&ARIAgentReportRunName=GS018&Title=Alberta^System^Daily^Customer^Reports&ReportRunID=5385408&ReportFormat=pdf&ARIActionType=View: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/c...n/bin/cabsa.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://gmsweb.alliance-pipeline.com/viewer...tivexviewer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/companion/lo...1/bin/imvid.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - AppInit_DLLs: c:\winnt\system32\lupeyoyu.dll c:\winnt\system32\pafijisu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\lupeyoyu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\lupeyoyu.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINNT\system32\lxdicoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\2004_11_06\119-1907a_IMG.JPG
O24 - Desktop Component 1: (no name) - C:\Program Files\Canon\ZoomBrowser EX\Image Library One\111-1121_IMG.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Laurita\My Documents\My Pictures\110-1041_IMG.JPG

--
End of file - 10870 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job
C:\WINNT\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
DDSMEkl - C:\WINNT\system32\vumer.dll [2003-08-01 199696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-10-06 5058560]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2000-09-21 126976]
"LoadQM"=C:\WINNT\loadqm.exe [2000-05-03 7536]
"vptray"=C:\PROGRA~1\NavNT\vptray.exe [2000-09-27 53248]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-28 180269]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe [2008-12-09 1064400]
"Logitech Utility"=C:\WINNT\Logi_MwX.Exe [2003-12-17 19968]
"TELUS_eCare_Lite_McciTrayApp"=C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe [2007-01-24 1007720]
"lxdimon.exe"=C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-07-16 434864]
"lxdiamon"=C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-07-16 25264]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-27 548864]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
"CPM04e2353d"=c:\winnt\system32\lupeyoyu.dll [2009-01-16 127771]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Service.lnk - C:\Program Files\Dell\Solution Center\Service.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\winnt\system32\lupeyoyu.dll c:\winnt\system32\pafijisu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINNT\System32\NavLogon.dll [2000-09-27 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\lupeyoyu.dll [2009-01-16 127771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\lupeyoyu.dll [2009-01-16 127771]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zpasspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINNT\system\rundll32.exe"="C:\WINNT\system\rundll32.exe:*:Enabled:rundll32"
"C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe"="C:\Documents and Settings\Laurita\Local Settings\Temporary Internet Files\Content.IE5\EH74XGV6\installer_00004[1].exe:*:Enabled:installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-22 22:29:37 ----D---- C:\_OTMoveIt
2009-01-20 07:08:43 ----A---- C:\WINNT\gmer.ini
2009-01-20 07:08:42 ----A---- C:\WINNT\gmer_uninstall.cmd
2009-01-20 07:08:42 ----A---- C:\WINNT\gmer.exe
2009-01-20 07:08:42 ----A---- C:\WINNT\gmer.dll
2009-01-20 07:04:20 ----D---- C:\rsit
2009-01-19 23:33:20 ----D---- C:\ht
2009-01-19 15:03:22 ----HD---- C:\WINNT\$NtUninstallKB958687$
2009-01-19 15:00:17 ----A---- C:\WINNT\system32\MRT.exe
2009-01-18 16:50:03 ----D---- C:\WINNT\temp
2009-01-18 16:49:54 ----A---- C:\ComboFix.txt
2009-01-18 16:33:04 ----A---- C:\WINNT\zip.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\VFIND.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWXCACLS.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWSC.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\SWREG.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\sed.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\NIRCMD.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\grep.exe
2009-01-18 16:33:04 ----A---- C:\WINNT\fdsv.exe
2009-01-18 16:33:00 ----D---- C:\WINNT\ERDNT
2009-01-18 16:33:00 ----D---- C:\Qoobox
2009-01-18 16:33:00 ----D---- C:\Combo-Fix
2009-01-16 02:24:58 ----ASH---- C:\WINNT\system32\lupeyoyu.dll
2009-01-15 14:24:32 ----ASH---- C:\WINNT\system32\pafijisu.dll
2009-01-14 20:55:54 ----D---- C:\Program Files\Exterminate It!
2008-12-26 16:41:46 ----D---- C:\Program Files\Dvd-cloner
2008-12-23 15:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-23 15:58:25 ----D---- C:\Program Files\DVD Shrink
2008-12-23 15:46:17 ----D---- C:\Program Files\uTorrent
2008-12-23 15:46:12 ----D---- C:\Documents and Settings\Laurita\Application Data\uTorrent
2008-12-22 16:05:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 00:10:01 ----HD---- C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$
2008-12-17 02:52:05 ----D---- C:\Program Files\Trend Micro
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\javaws.exe
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\javaw.exe
2008-12-13 00:27:05 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-13 00:27:04 ----A---- C:\WINNT\system32\java.exe
2008-12-12 15:02:11 ----HD---- C:\WINNT\$NtUninstallKB952069_WM71$
2008-12-12 15:01:47 ----HD---- C:\WINNT\$NtUninstallKB954600_WM41$
2008-12-12 15:01:18 ----HD---- C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$
2008-12-12 15:00:45 ----HD---- C:\WINNT\$NtUninstallKB956802$
2008-12-10 23:03:00 ----A---- C:\WINNT\system32\MSHTML.DLL
2008-12-01 13:00:44 ----D---- C:\BroadJump
2008-11-30 11:56:24 ----D---- C:\Documents and Settings\Laurita\Application Data\Malwarebytes
2008-11-30 11:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 10:52:30 ----HD---- C:\WINNT\$NtUninstallKB955069$
2008-11-14 10:45:30 ----HD---- C:\WINNT\$NtUninstallKB957097$
2008-10-24 18:34:04 ----HD---- C:\WINNT\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-22 22:39:02 ----A---- C:\WINNT\Msiosd.ini
2009-01-22 22:38:48 ----A---- C:\WINNT\lgfwup.ini
2009-01-18 16:41:14 ----A---- C:\WINNT\system.ini
2009-01-18 16:34:18 ----A---- C:\WINNT\ntbtlog.txt
2009-01-18 15:45:38 ----A---- C:\WINNT\SCHEDLGU.TXT
2008-12-26 16:13:50 ----A---- C:\WINNT\NeroDigital.ini
2008-12-18 00:10:20 ----A---- C:\WINNT\imsins.BAK
2008-12-18 00:09:16 ----A---- C:\WINNT\winamp.ini
2008-11-16 11:15:28 ----A---- C:\WINNT\system32\DFRG.MSC
2008-11-13 10:40:14 ----A---- C:\WINNT\ModemLog_U.S. Robotics 56K Voice PCI.txt
2008-11-07 18:32:20 ----A---- C:\WINNT\system32\WMVCore.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmosa;cmosa; C:\WINNT\System32\DRIVERS\cmosa.sys [2000-10-06 29344]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINNT\System32\DRIVERS\msikbd2k.sys [2000-06-06 6883]
R2 NAVAPEL;NAVAPEL; \??\C:\PROGRA~1\NavNT\NAVAPEL.SYS []
R2 Secdrv;Secdrv; \??\C:\WINNT\System32\drivers\SECDRV.SYS []
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINNT\System32\DRIVERS\el90Xbc5.SYS [2001-03-27 67317]
R3 es1371mp;SB AudioPCI 64V Audio Driver (WDM); C:\WINNT\system32\drivers\es1371mp.sys [1999-12-23 42623]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINNT\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINNT\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINNT\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 MTsensor;MTsensor; C:\WINNT\System32\DRIVERS\MTsensor.sys [2000-10-06 14392]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
R4 InCDfs;InCD File System; C:\WINNT\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2003-08-16 58000]
S1 InCDPass;InCDPass; C:\WINNT\system32\drivers\InCDPass.sys [2007-05-15 37040]
S1 incdrm;InCD Reader; C:\WINNT\system32\drivers\InCDRm.sys [2007-05-15 38576]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2000-07-26 13744]
S1 UdfReadr;UdfReadr; C:\WINNT\system32\drivers\UdfReadr.sys [2001-06-27 213248]
S2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys []
S2 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-26 22089]
S2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2000-07-26 13904]
S2 tcaicchg;tcaicchg; \??\C:\WINNT\System32\tcaicchg.sys []
S3 ccdecode;Closed Caption Decoder; C:\WINNT\system32\drivers\ccdecode.sys [2004-07-09 16384]
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
S3 gmer;gmer; C:\WINNT\System32\DRIVERS\gmer.sys [2009-01-20 85969]
S3 ichaud;Service for AC'97 Driver (WDM); C:\WINNT\system32\drivers\ichaud.sys [1999-10-22 32592]
S3 icm10blk;Intel® PC Camera CS630 Image Storage; C:\WINNT\system32\DRIVERS\icm10blk.sys [2001-10-05 14182]
S3 ICM10USB;Intel® PC Camera CS630; C:\WINNT\System32\Drivers\ICM10USB.sys [2001-10-05 420870]
S3 IKStream;Intel Streaming Filter For Kernel Streaming Audio Access; C:\WINNT\system32\drivers\IKStream.sys [2000-10-13 54428]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINNT\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
S3 QCMerced;Logitech QuickCam Express; C:\WINNT\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYFILT;Sony USBSTOR.SYS Filter; C:\WINNT\System32\Drivers\SonyUSBF.sys [2004-01-14 4480]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [1999-10-12 68912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINNT\system32\DRIVERS\w810bus.sys [2007-09-07 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINNT\system32\DRIVERS\w810mdfl.sys [2007-09-07 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINNT\system32\DRIVERS\w810mdm.sys [2007-09-07 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINNT\system32\DRIVERS\w810mgmt.sys [2007-09-07 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINNT\system32\DRIVERS\w810obex.sys [2007-09-07 83344]
S3 WDM_INAEC;Intel Native Acoustic Echo Canceller; C:\WINNT\system32\drivers\aecshell.sys [2001-02-21 169056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2000-07-26 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2000-09-27 32768]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 Intel File Transfer;Intel File Transfer; C:\WINNT\system32\cba\xfr.exe [2000-09-18 11264]
R2 Intel PDS;Intel PDS; C:\WINNT\system32\cba\pds.exe [2000-09-18 18432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 lxdi_device;lxdi_device; C:\WINNT\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\WINNT\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 28672]
R2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2000-09-27 430080]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2003-10-06 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\System32\mspmspsv.exe [2002-05-16 57344]
S2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 SBHookSvc;SBHookSvc; C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe []
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2000-07-26 7952]

-----------------EOF-----------------

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:51 PM

Posted 23 January 2009 - 07:32 AM

Erm... Let's do a deeper scan...

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again

1. Start AVZ.
2. Choose from the menu File => Standard scripts and mark the 3. Healing/Quarantine and Advanced System Investigation check box.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.


  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 hannah9

hannah9
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 23 January 2009 - 07:16 PM

virusinfo_syscheck.htm attached.
