Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I was infected with Vundo and antivirus 360 but I don't think I got it all off


  • This topic is locked This topic is locked
14 replies to this topic

#1 prlg

prlg

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 23 January 2009 - 09:34 AM

I was recently infected with the Vundo trojan and antivirus 360. I installed malwarebytes and ran it, although I am still having a few problems. The problem is mostly with my internet running ridiculously slow even though my connection is good. My computer is also running slower but it is going a little faster since I have run malwarebytes. Any help would be appreciated. this is my log after running the program.


C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\ROSIE\DESKTOP\DDS.COM

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bethelks.edu/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080316
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {df662d83-6a0e-4226-9b8e-7d432ea9f13c} - c:\windows\system32\xxyYQhef.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TCP: {D3937794-B040-4F23-AA1F-CA50BA538459} = 132.195.249.13,132.195.20.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyYQhef

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rosie\applic~1\mozilla\firefox\profiles\m45oy36z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bethelks.edu/
FF - plugin: c:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\divx\divx web player\npdivx32.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-3-16 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-3-16 7424]

=============== Created Last 30 ================

2009-01-22 19:06 <DIR> --d----- c:\docume~1\rosie\applic~1\Malwarebytes
2009-01-22 19:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-22 19:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 19:06 <DIR> --d----- c:\progra~1\Malwarebytes' Anti-Malware
2009-01-22 19:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-21 17:02 <DIR> --d----- c:\windows\ERUNT
2009-01-21 15:36 <DIR> --d-h--- c:\windows\PIF
2009-01-20 23:24 1,437,063 a--sh--- c:\windows\system32\lwvkbhcl.ini
2009-01-19 23:22 1,437,063 a--sh--- c:\windows\system32\xgxjuiaf.ini
2009-01-19 16:36 1,407,657 a--sh--- c:\windows\system32\gcxlwvuc.ini
2009-01-18 14:40 1,407,285 a--sh--- c:\windows\system32\taxsvbqv.ini
2009-01-17 13:31 1,407,285 a--sh--- c:\windows\system32\djkaxevn.ini
2009-01-15 16:07 1,374,666 a--sh--- c:\windows\system32\hbmergfb.ini
2009-01-13 23:41 1,446,373 a--sh--- c:\windows\system32\uouuhsxx.ini
2009-01-12 23:40 1,446,373 a--sh--- c:\windows\system32\wohpmsik.ini
2009-01-11 22:47 1,361,141 a--sh--- c:\windows\system32\jlevsplb.ini
2009-01-11 13:40 1,348,485 a--sh--- c:\windows\system32\bvkyjwhu.ini
2009-01-11 13:16 1,348,485 a--sh--- c:\windows\system32\holtafvf.ini
2009-01-10 13:16 1,348,481 a--sh--- c:\windows\system32\ruehemee.ini
2009-01-09 13:16 1,333,220 a--sh--- c:\windows\system32\acerlojl.ini
2009-01-09 13:15 1,333,220 a--sh--- c:\windows\system32\tpfmdkko.ini
2009-01-08 07:49 1,333,220 a--sh--- c:\windows\system32\yxmntyxx.ini
2009-01-07 05:39 1,327,229 a--sh--- c:\windows\system32\fjojinjl.ini
2009-01-07 05:39 1,327,229 a--sh--- c:\windows\system32\ldvkektt.ini
2009-01-06 05:26 1,327,238 a--sh--- c:\windows\system32\wciydvkk.ini
2009-01-05 06:54 1,311,629 a--sh--- c:\windows\system32\falvvopw.ini
2009-01-03 21:18 1,311,629 a--sh--- c:\windows\system32\afhxajqg.ini
2009-01-02 20:58 1,311,620 a--sh--- c:\windows\system32\qwnbckti.ini
2009-01-02 20:56 1,311,620 a--sh--- c:\windows\system32\elultasw.ini
2009-01-01 19:53 1,311,620 a--sh--- c:\windows\system32\mqkmummb.ini
2009-01-01 19:52 1,311,620 a--sh--- c:\windows\system32\sjlgaija.ini
2008-12-31 19:17 1,311,620 a--sh--- c:\windows\system32\apcelkbr.ini
2008-12-29 23:24 1,312,468 a--sh--- c:\windows\system32\pltdgsvt.ini
2008-12-28 17:21 1,312,468 a--sh--- c:\windows\system32\hwbcckhm.ini

==================== Find3M ====================

2009-01-21 22:40 1,066,811 a--sh--- c:\windows\system32\fehQYyxx.ini2
2009-01-10 00:25 926 a------- c:\docume~1\rosie\applic~1\wklnhst.dat
2008-12-27 22:27 175,692 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2008-11-21 00:25 216,064 a------- c:\windows\iun3405.exe
2008-03-24 19:47 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-16 02:18 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 15:24:53.01 ===============

BC AdBot (Login to Remove)

 


#2 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 23 January 2009 - 09:44 AM

Oh yeah i forgot to add that Malware now says that I don't have any infected files even after a full scan and I also tried to run kapersky (?) online scanner but it would not work because my internet is running so slow....I keep getting the error message that says "please go online to use the scanner"

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 01 February 2009 - 09:42 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 04 February 2009 - 02:07 AM

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2/4/2009 8:05:48 AM
mbam-log-2009-02-04 (08-05-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 95354
Time elapsed: 23 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 04 February 2009 - 02:09 AM

info.txt logfile of random's system information tool 1.05 2009-02-04 07:26:52

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbiWord 2.6.2-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Anesoft ACLS Simulator 7 Demo-->MsiExec.exe /I{1BB1F7E7-A46D-46A6-A5B3-F130EDBE8282}
Anesthesia Simulator 5 Demo-->MsiExec.exe /I{3FC93F55-8A0C-419C-8DFF-9239354EE874}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
BurnOn CD&DVD, Version 3.1.0 ( Build 2007-4-2, Win32, )-->"C:\Program Files\BurnWorld\BurnOnCDDVD\unins000.exe"
CardiacCD-->C:\WINDOWS\iun3405.exe C:\Program Files\MadSci\Cardiac2
CodeTeam-->C:\WINDOWS\iun3405.exe C:\madsci\codeteam
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Delta Force Black Hawk Down Demo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force Black Hawk Down Demo\Uninst.isu"
Delta Force: Xtreme - Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31777F40-593D-4331-A236-D2580CD319BE}\setup.exe" -l0x9
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
EA SPORTS online 2004-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Elecard MPEG Player-->"C:\Program Files\Elecard\Elecard MPEG Player\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG Player\install.log" -u
FIFA 06 Demo-->C:\Program Files\EA SPORTS\FIFA 06 Demo\EAUninstall.exe
FIFA 2004-->C:\Program Files\EA SPORTS\FIFA 2004\EAUninstall.exe
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
Handbrake 0.9.2-->C:\Program Files\Handbrake\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NHL 2004 Demo-->C:\Program Files\EA SPORTS\NHL 2004 Demo\EAUninstall.exe
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ResusSim Prehospital Demo-->C:\PROGRA~1\RESUSS~1\UNWISE.EXE C:\PROGRA~1\RESUSS~1\INSTALL.LOG
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung Video Codec 1.1 Uninstall-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SMP4 132 C:\WINDOWS\INF\install.inf
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Trauma-->C:\WINDOWS\iun3405.exe c:\madsci\trauma
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

System event log

Computer Name: BOB
Event Code: 7036
Message: The Telephony service entered the stopped state.

Record Number: 6466
Source Name: Service Control Manager
Time Written: 20081224141122.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{D3937794-B040-4F23-AA1F-CA50BA538459} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 6465
Source Name: Tcpip
Time Written: 20081224141018.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 9
Message: Broadcom 440x 10/100 Integrated Controller: Network controller configured for 100Mb full-duplex link.

Record Number: 6464
Source Name: bcm4sbxp
Time Written: 20081224141018.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 7036
Message: The NMIndexingService service entered the running state.

Record Number: 6463
Source Name: Service Control Manager
Time Written: 20081224140948.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 7035
Message: The NMIndexingService service was successfully sent a start control.

Record Number: 6462
Source Name: Service Control Manager
Time Written: 20081224140946.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: BOB
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2890
Source Name: LoadPerf
Time Written: 20090106115733.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 2889
Source Name: LoadPerf
Time Written: 20090106115732.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 0
Message:
Record Number: 2888
Source Name: NMIndexingService
Time Written: 20090106115434.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 0
Message:
Record Number: 2887
Source Name: iPod Service
Time Written: 20090106115433.000000+060
Event Type: information
User:

Computer Name: BOB
Event Code: 4
Message:
Record Number: 2886
Source Name: (MSN/Windows) Messenger Service
Time Written: 20090106115426.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------










Logfile of random's system information tool 1.05 (written by random/random)
Run by Rosie at 2009-02-04 07:26:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 133 GB (57%) free of 232 GB
Total RAM: 3062 MB (83% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-17 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-03-16 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF662D83-6A0E-4226-9B8E-7D432EA9F13C}]
C:\WINDOWS\system32\xxyYQhef.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-17 2549368]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-10 851968]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-10 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-10 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-10 137752]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-03 1228800]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-12-11 2183168]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-07-10 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-16 1838592]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-10 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-04-18 3628080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-10 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyYQhef

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-02-04 07:26:28 ----D---- C:\Program Files\trend micro
2009-02-04 07:26:27 ----D---- C:\rsit
2009-01-22 19:06:10 ----D---- C:\Documents and Settings\Rosie\Application Data\Malwarebytes
2009-01-22 19:06:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-22 19:06:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-21 17:02:51 ----D---- C:\WINDOWS\ERUNT
2009-01-21 16:59:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-21 15:36:37 ----HD---- C:\WINDOWS\PIF
2009-01-20 23:24:08 ----ASH---- C:\WINDOWS\system32\lwvkbhcl.ini
2009-01-19 23:22:48 ----ASH---- C:\WINDOWS\system32\xgxjuiaf.ini
2009-01-19 16:36:06 ----ASH---- C:\WINDOWS\system32\gcxlwvuc.ini
2009-01-18 14:40:32 ----ASH---- C:\WINDOWS\system32\taxsvbqv.ini
2009-01-17 13:31:26 ----ASH---- C:\WINDOWS\system32\djkaxevn.ini
2009-01-15 16:07:12 ----ASH---- C:\WINDOWS\system32\hbmergfb.ini
2009-01-13 23:41:39 ----ASH---- C:\WINDOWS\system32\uouuhsxx.ini
2009-01-12 23:40:32 ----ASH---- C:\WINDOWS\system32\wohpmsik.ini
2009-01-11 22:47:38 ----ASH---- C:\WINDOWS\system32\jlevsplb.ini
2009-01-11 13:40:32 ----ASH---- C:\WINDOWS\system32\bvkyjwhu.ini
2009-01-11 13:16:33 ----ASH---- C:\WINDOWS\system32\holtafvf.ini
2009-01-10 13:16:20 ----ASH---- C:\WINDOWS\system32\ruehemee.ini
2009-01-09 13:16:08 ----ASH---- C:\WINDOWS\system32\acerlojl.ini
2009-01-09 13:15:10 ----ASH---- C:\WINDOWS\system32\tpfmdkko.ini
2009-01-08 07:49:01 ----ASH---- C:\WINDOWS\system32\yxmntyxx.ini
2009-01-07 05:39:58 ----ASH---- C:\WINDOWS\system32\fjojinjl.ini
2009-01-07 05:39:05 ----ASH---- C:\WINDOWS\system32\ldvkektt.ini
2009-01-06 05:26:09 ----ASH---- C:\WINDOWS\system32\wciydvkk.ini
2009-01-05 06:54:33 ----ASH---- C:\WINDOWS\system32\falvvopw.ini
2009-01-03 21:18:48 ----ASH---- C:\WINDOWS\system32\afhxajqg.ini
2009-01-02 20:58:01 ----ASH---- C:\WINDOWS\system32\qwnbckti.ini
2009-01-02 20:56:15 ----ASH---- C:\WINDOWS\system32\elultasw.ini
2009-01-01 19:53:54 ----ASH---- C:\WINDOWS\system32\mqkmummb.ini
2009-01-01 19:52:09 ----ASH---- C:\WINDOWS\system32\sjlgaija.ini
2008-12-31 19:17:52 ----ASH---- C:\WINDOWS\system32\apcelkbr.ini
2008-12-29 23:24:39 ----ASH---- C:\WINDOWS\system32\pltdgsvt.ini
2008-12-28 17:21:31 ----ASH---- C:\WINDOWS\system32\hwbcckhm.ini
2008-12-23 05:56:00 ----A---- C:\WINDOWS\system32\8b823778-.txt
2008-12-23 05:55:31 ----ASH---- C:\WINDOWS\system32\fehQYyxx.ini2
2008-12-23 05:55:31 ----ASH---- C:\WINDOWS\system32\fehQYyxx.ini
2008-11-21 01:21:18 ----D---- C:\Program Files\Common Files\Skype
2008-11-21 00:25:38 ----D---- C:\Program Files\MadSci
2008-11-21 00:25:06 ----A---- C:\WINDOWS\iun3405.exe
2008-11-21 00:22:11 ----D---- C:\madsci
2008-11-21 00:20:42 ----D---- C:\EA

======List of files/folders modified in the last 3 months======

2009-02-04 07:26:28 ----RD---- C:\Program Files
2009-02-04 07:26:18 ----D---- C:\WINDOWS\Prefetch
2009-02-04 07:17:54 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 04:32:59 ----D---- C:\WINDOWS\system32
2009-02-04 04:32:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-04 04:30:47 ----D---- C:\WINDOWS\Temp
2009-02-04 04:29:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-04 04:28:48 ----D---- C:\WINDOWS
2009-02-04 04:28:47 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-02-03 19:37:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 19:23:33 ----D---- C:\Documents and Settings\Rosie\Application Data\Skype
2009-02-03 00:18:14 ----D---- C:\Documents and Settings\Rosie\Application Data\skypePM
2009-02-01 22:41:42 ----D---- C:\WINDOWS\system32\drivers
2009-01-30 04:04:57 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-27 23:36:12 ----D---- C:\Program Files\Veoh Networks
2009-01-22 01:12:27 ----A---- C:\WINDOWS\system.ini
2009-01-21 18:05:59 ----D---- C:\WINDOWS\Registration
2009-01-21 15:18:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-18 14:39:01 ----D---- C:\Config.Msi
2009-01-18 02:32:13 ----SHD---- C:\WINDOWS\Installer
2008-12-28 16:17:23 ----D---- C:\WINDOWS\system32\config
2008-12-28 16:17:06 ----D---- C:\WINDOWS\system32\wbem
2008-12-24 14:08:40 ----D---- C:\Program Files\Google
2008-12-24 07:55:56 ----A---- C:\WINDOWS\imsins.BAK
2008-12-24 07:32:19 ----SD---- C:\WINDOWS\Tasks
2008-11-28 21:42:34 ----HD---- C:\WINDOWS\inf
2008-11-21 01:21:18 ----D---- C:\Program Files\Common Files
2008-11-21 00:25:40 ----A---- C:\WINDOWS\win.ini
2008-11-21 00:25:33 ----RSHD---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-03 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-10 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-10 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-10 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-07-10 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-03 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-03 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-10 5707744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-05-03 78720]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-07-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-10 202912]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-03 731136]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-12-11 1123328]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-12-11 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-16 1838592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-16 138168]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-03 74384]

-----------------EOF-----------------

#6 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 04 February 2009 - 02:10 AM

here is the other log

Attached Files



#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 04 February 2009 - 02:22 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\xxyYQhef.dll
    C:\WINDOWS\system32\lwvkbhcl.ini
    C:\WINDOWS\system32\xgxjuiaf.ini
    C:\WINDOWS\system32\gcxlwvuc.ini
    C:\WINDOWS\system32\taxsvbqv.ini
    C:\WINDOWS\system32\djkaxevn.ini
    C:\WINDOWS\system32\hbmergfb.ini
    C:\WINDOWS\system32\uouuhsxx.ini
    C:\WINDOWS\system32\wohpmsik.ini
    C:\WINDOWS\system32\jlevsplb.ini
    C:\WINDOWS\system32\bvkyjwhu.ini
    C:\WINDOWS\system32\holtafvf.ini
    C:\WINDOWS\system32\ruehemee.ini
    C:\WINDOWS\system32\acerlojl.ini
    C:\WINDOWS\system32\tpfmdkko.ini
    C:\WINDOWS\system32\yxmntyxx.ini
    C:\WINDOWS\system32\fjojinjl.ini
    C:\WINDOWS\system32\ldvkektt.ini
    C:\WINDOWS\system32\wciydvkk.ini
    C:\WINDOWS\system32\falvvopw.ini
    C:\WINDOWS\system32\afhxajqg.ini
    C:\WINDOWS\system32\qwnbckti.ini
    C:\WINDOWS\system32\elultasw.ini
    C:\WINDOWS\system32\mqkmummb.ini
    C:\WINDOWS\system32\sjlgaija.ini
    C:\WINDOWS\system32\apcelkbr.ini
    C:\WINDOWS\system32\pltdgsvt.ini
    C:\WINDOWS\system32\hwbcckhm.ini
    C:\WINDOWS\system32\8b823778-.txt
    C:\WINDOWS\system32\fehQYyxx.ini2
    C:\WINDOWS\system32\fehQYyxx.ini
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF662D83-6A0E-4226-9B8E-7D432EA9F13C}]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 04 February 2009 - 07:50 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rosie at 2009-02-04 13:43:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 136 GB (58%) free of 232 GB
Total RAM: 3062 MB (86% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-17 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-03-16 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-17 2549368]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-10 851968]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-10 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-10 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-10 137752]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-03 1228800]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-12-11 2183168]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-07-10 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-16 1838592]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-10 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-04-18 3628080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-10 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-02-04 13:40:41 ----D---- C:\_OTMoveIt
2009-02-04 07:41:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 07:28:16 ----A---- C:\WINDOWS\gmer.ini
2009-02-04 07:28:14 ----RA---- C:\WINDOWS\gmer.exe
2009-02-04 07:28:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-04 07:28:14 ----A---- C:\WINDOWS\gmer.dll
2009-02-04 07:26:28 ----D---- C:\Program Files\trend micro
2009-02-04 07:26:27 ----D---- C:\rsit
2009-01-22 19:06:10 ----D---- C:\Documents and Settings\Rosie\Application Data\Malwarebytes
2009-01-22 19:06:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-21 17:02:51 ----D---- C:\WINDOWS\ERUNT
2009-01-21 16:59:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-21 15:36:37 ----HD---- C:\WINDOWS\PIF
2008-11-21 01:21:18 ----D---- C:\Program Files\Common Files\Skype
2008-11-21 00:25:38 ----D---- C:\Program Files\MadSci
2008-11-21 00:25:06 ----A---- C:\WINDOWS\iun3405.exe
2008-11-21 00:22:11 ----D---- C:\madsci
2008-11-21 00:20:42 ----D---- C:\EA

======List of files/folders modified in the last 3 months======

2009-02-04 13:42:56 ----D---- C:\WINDOWS\Temp
2009-02-04 13:42:52 ----D---- C:\WINDOWS
2009-02-04 13:42:13 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-02-04 13:41:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-04 13:40:43 ----D---- C:\WINDOWS\Prefetch
2009-02-04 13:40:42 ----D---- C:\WINDOWS\system32
2009-02-04 13:35:58 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 07:45:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-04 07:41:32 ----D---- C:\WINDOWS\system32\drivers
2009-02-04 07:41:29 ----RD---- C:\Program Files
2009-02-04 04:29:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 19:23:33 ----D---- C:\Documents and Settings\Rosie\Application Data\Skype
2009-02-03 00:18:14 ----D---- C:\Documents and Settings\Rosie\Application Data\skypePM
2009-01-30 04:04:57 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-27 23:36:12 ----D---- C:\Program Files\Veoh Networks
2009-01-22 01:12:27 ----A---- C:\WINDOWS\system.ini
2009-01-21 18:05:59 ----D---- C:\WINDOWS\Registration
2009-01-21 15:18:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-18 14:39:01 ----D---- C:\Config.Msi
2009-01-18 02:32:13 ----SHD---- C:\WINDOWS\Installer
2008-12-28 16:17:23 ----D---- C:\WINDOWS\system32\config
2008-12-28 16:17:06 ----D---- C:\WINDOWS\system32\wbem
2008-12-24 14:08:40 ----D---- C:\Program Files\Google
2008-12-24 07:55:56 ----A---- C:\WINDOWS\imsins.BAK
2008-12-24 07:32:19 ----SD---- C:\WINDOWS\Tasks
2008-11-28 21:42:34 ----HD---- C:\WINDOWS\inf
2008-11-21 01:21:18 ----D---- C:\Program Files\Common Files
2008-11-21 00:25:40 ----A---- C:\WINDOWS\win.ini
2008-11-21 00:25:33 ----RSHD---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-03 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-10 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-10 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-10 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-07-10 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-03 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-03 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-10 5707744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-05-03 78720]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-07-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-10 202912]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-03 731136]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-12-11 1123328]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-04 85969]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-12-11 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-16 1838592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-16 138168]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-03 74384]

-----------------EOF-----------------

#9 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 04 February 2009 - 07:52 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\xxyYQhef.dll not found.
C:\WINDOWS\system32\lwvkbhcl.ini moved successfully.
C:\WINDOWS\system32\xgxjuiaf.ini moved successfully.
C:\WINDOWS\system32\gcxlwvuc.ini moved successfully.
C:\WINDOWS\system32\taxsvbqv.ini moved successfully.
C:\WINDOWS\system32\djkaxevn.ini moved successfully.
C:\WINDOWS\system32\hbmergfb.ini moved successfully.
C:\WINDOWS\system32\uouuhsxx.ini moved successfully.
C:\WINDOWS\system32\wohpmsik.ini moved successfully.
C:\WINDOWS\system32\jlevsplb.ini moved successfully.
C:\WINDOWS\system32\bvkyjwhu.ini moved successfully.
C:\WINDOWS\system32\holtafvf.ini moved successfully.
C:\WINDOWS\system32\ruehemee.ini moved successfully.
C:\WINDOWS\system32\acerlojl.ini moved successfully.
C:\WINDOWS\system32\tpfmdkko.ini moved successfully.
C:\WINDOWS\system32\yxmntyxx.ini moved successfully.
C:\WINDOWS\system32\fjojinjl.ini moved successfully.
C:\WINDOWS\system32\ldvkektt.ini moved successfully.
C:\WINDOWS\system32\wciydvkk.ini moved successfully.
C:\WINDOWS\system32\falvvopw.ini moved successfully.
C:\WINDOWS\system32\afhxajqg.ini moved successfully.
C:\WINDOWS\system32\qwnbckti.ini moved successfully.
C:\WINDOWS\system32\elultasw.ini moved successfully.
C:\WINDOWS\system32\mqkmummb.ini moved successfully.
C:\WINDOWS\system32\sjlgaija.ini moved successfully.
C:\WINDOWS\system32\apcelkbr.ini moved successfully.
C:\WINDOWS\system32\pltdgsvt.ini moved successfully.
C:\WINDOWS\system32\hwbcckhm.ini moved successfully.
C:\WINDOWS\system32\8b823778-.txt moved successfully.
C:\WINDOWS\system32\fehQYyxx.ini2 moved successfully.
C:\WINDOWS\system32\fehQYyxx.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF662D83-6A0E-4226-9B8E-7D432EA9F13C}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Rosie\LOCALS~1\Temp\etilqs_YemkNAAcg25Hm4mlI1cl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Rosie\LOCALS~1\Temp\Perflib_Perfdata_ab8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Rosie\LOCALS~1\Temp\~DF1DFE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02042009_134041

Files moved on Reboot...
File C:\DOCUME~1\Rosie\LOCALS~1\Temp\etilqs_YemkNAAcg25Hm4mlI1cl not found!
File C:\DOCUME~1\Rosie\LOCALS~1\Temp\Perflib_Perfdata_ab8.dat not found!
C:\DOCUME~1\Rosie\LOCALS~1\Temp\~DF1DFE.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Rosie\Local Settings\Application Data\Mozilla\Firefox\Profiles\m45oy36z.default\XUL.mfl moved successfully.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 04 February 2009 - 10:22 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 06 February 2009 - 09:45 AM

Sorry it took me so long to reply....but I have been trying to run the online scanner but my internet is not going fast enough for it to run....if you have another program that I could try that would be nice....Other than my internet not working well my computer is running a lot better now.

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 06 February 2009 - 12:32 PM

Lets use this one.. But it takes quite a long time to run, so just run it when you're not using the computer, or better still, when you're sleeping.. :thumbup2:



Please download AVPTool by Kaspersky and save it to your desktop.
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double click the setup file to run and install it.
  • By default it will install to your Desktop (as Kaspersky Lab Tool folder)
  • A Kaspersky Virus Removal Tool window will open. There will be a tab that says Automatic Scan.
  • Under Automatic Scan make sure these are checked.
    • [1.] System Memory
      [2.] Startup Objects
      [3.] Disk Boot Sectors.
      [4.] My Computer.
      [5.] Also any other drives (Removable that you may have)
  • After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
  • Then choose OK again then you are back to the main screen.
  • Then click on Scan button.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized, then chooose the Delete option when prompted.
  • After that is done click on the Report button at the bottom and save it to file name as Kas.
  • Save it somewhere convenient like your Desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
  • When you close the AVPTool, you will be asked to uninstall the program.. Choose Yes..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 07 February 2009 - 06:51 PM

Here is the log from the scanner





Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\5VQ8NOBB\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\6JG52HEX\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\6JG52HEX\klite.ath[2].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\6KRYJ5JX\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\ALFGLCV2\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\EDS3IXKL\klite.ath[1].htm
deleted: Trojan program Trojan.Win32.Monder.amcc File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\EDS3IXKL\upd105320[1]
deleted: Trojan program Trojan.Win32.Monder.amuq File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\EDS3IXKL\upd105320[2]
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\FJKC1G45\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\HPQ3G5IJ\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\HPQ3G5IJ\klite.ath[2].htm
deleted: Trojan program Trojan.Win32.Monder.amky File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\HPQ3G5IJ\upd105320[1]
deleted: Trojan program Trojan.Win32.Monder.aoqj File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\HPQ3G5IJ\upd105320[3]
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\URKFE5YT\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\URKFE5YT\klite.ath[2].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\UTKXWV4B\klite.ath[1].htm
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\UTKXWV4B\klite.ath[2].htm
deleted: Trojan program Trojan.Win32.Monder.aqsh File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\WLMNO1EF\upd105320[1]
deleted: Trojan program Trojan-Downloader.JS.Psyme.amg File: C:\Documents and Settings\Rosie\Local Settings\Temporary Internet Files\Content.IE5\YT0NYDMX\klite.ath[1].htm

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 08 February 2009 - 12:47 PM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 prlg

prlg
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 10 February 2009 - 10:17 AM

Thank you so much for your help! My computer is running better than it has in a very long time! I think / hope it is all better now! Thanks agin for you help you guys are Awesome!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users