Virtumonde Infection / Antivirus and other ad popups

Hi,

About a month ago I was infected with a Virtumonde trojan, a keylogger, and SmitFraud after downloading an image from the web. Antivirus ad popups and popups related to other websites I was visiting, began to appear and I was unable to turn on my Windows Automatic Updates and Firewall. I followed a few online tutorials and believe I was able to remove the keylogger and SmitFraud. At this point, I was able to turn on my Windows Automatic Updates and Firewall again, but the Virtumonde trojan continued to come up in virus scan results and popup ads continued to appear.

I then began working with a BC Advisor in the "Am I Infected? What Do I Do?" forum. We ran many scans which you can read about here:

http://www.bleepingcomputer.com/forums/t/186745/unable-to-remove-virtumonde-infection/

At this point, the popup ads continue to appear and I have backed up my personal files to an external hard drive. The advisor suggested I post an HJT log. Please see the log below. I have replaced my Windows username with X's for security. Thank you for any help you can provide. I appreciate it!

DDS (Ver_09-01-19.01) - NTFSx86
Run by XXXXXXXXXX at 11:37:41.38 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.530 [GMT -5:00]

AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated)
FW: Internet Security Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XXXXXXXXXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 193.129.184.167:8080
BHO: {367e4fc8-8927-4564-9727-8e7d56164d76} - c:\windows\system32\nojutoko.dll
BHO: {5c7b8430-4f1f-0ce8-31f4-9644ffd5b866}: {668b5dff-4469-4f13-8ec0-f1f40348b7c5} - c:\windows\system32\funpar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - d:\program files\norton systemworks\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\XXXXXXXXXX\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mogipigeju] Rundll32.exe "c:\windows\system32\tifupeva.dll",s
mRun: [90a86e36] rundll32.exe "c:\windows\system32\vojifuje.dll",b
mRun: [CPM939b5daa] Rundll32.exe "c:\windows\system32\hawivobi.dll",a
dRun: [Picasa Media Detector] d:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\meadow~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169933971691
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: fccaYoom - fccaYoom.dll
AppInit_DLLs: c:\windows\system32\risoyaza.dll c:\windows\system32\hoyobuva.dll funpar.dll c:\windows\system32\hawivobi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hawivobi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hawivobi.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGyaWoP
LSA: Notification Packages = scecli c:\windows\system32\hoyobuva.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\meadow~1\applic~1\mozilla\firefox\profiles\sxiznyuw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\XXXXXXXXXX\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\XXXXXXXXXX\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: d:\program files\divx\divx content uploader\npUpload.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-14 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-14 38208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R4 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\Savrtpel.sys [2002-7-25 34992]
S3 ADM8211;Wireless PC Card;c:\windows\system32\drivers\WLANPCI.sys [2003-1-28 86656]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]
S3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthDriver.sys [2008-12-14 58152]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-14 40872]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-14 66984]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-14 81320]
S3 navapsvc;Norton AntiVirus Auto Protect Service;d:\program files\norton systemworks\norton antivirus\Navapsvc.exe [2002-8-19 116336]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080116.038\NAVENG.Sys [2008-1-17 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080116.038\NavEx15.Sys [2008-1-17 895312]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 SAVRT;SAVRT;c:\windows\system32\drivers\savrt.sys [2002-7-25 235184]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools internet security\pctsAuxs.exe [2008-12-14 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools internet security\pctsSvc.exe [2008-12-14 1079208]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-14 33088]
S3 ThreatFire;ThreatFire;c:\program files\pc tools internet security\tfengine\tfservice.exe service --> c:\program files\pc tools internet security\tfengine\TFService.exe service [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]

=============== Created Last 30 ================

2009-01-24 11:37 2,713 ---sh--- c:\windows\system32\juwefisi.dll
2009-01-24 11:37 1,384,649 ---sh--- c:\windows\system32\atoyetit.ini
2009-01-24 11:37 133,232 a--sh--- c:\windows\system32\funpar.dll
2009-01-19 20:37 1,384,649 ---sh--- c:\windows\system32\ejufijov.ini
2009-01-19 20:37 133,307 a--sh--- c:\windows\system32\pzmwuq.dll
2009-01-19 19:37 1,357,871 ---sh--- c:\windows\system32\egerupok.ini
2009-01-18 19:12 1,357,871 ---sh--- c:\windows\system32\ekekesih.ini
2009-01-18 19:12 133,906 a--sh--- c:\windows\system32\qylplj.dll
2009-01-18 18:12 1,354,509 ---sh--- c:\windows\system32\eyumakoy.ini
2009-01-13 18:24 120 ---sh--- c:\windows\system32\ihikabiw.tmp
2009-01-13 18:24 120 ---sh--- c:\windows\system32\ihikabiw.ini
2009-01-13 18:24 131,671 a--sh--- c:\windows\system32\zxceoh.dll
2009-01-12 20:17 1,302,218 ---sh--- c:\windows\system32\okiwamef.ini
2009-01-12 20:17 131,861 a------- c:\windows\system32\hiiifo.dll
2009-01-12 18:11 1,603,476 ---sh--- c:\windows\system32\ivazunuk.ini

==================== Find3M ====================

2009-01-31 11:25 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-24 11:37 133,232 a--sh--- c:\windows\system32\mohafilu.dll
2009-01-24 11:37 99,509 a--sh--- c:\windows\system32\hawivobi.dll
2009-01-19 20:37 87,175 a--sh--- c:\windows\system32\vojifuje.dll
2009-01-19 20:37 133,307 a--sh--- c:\windows\system32\putevama.dll
2009-01-19 20:37 100,150 a--sh--- c:\windows\system32\nojuvuva.dll
2009-01-19 19:37 99,980 a--sh--- c:\windows\system32\jowujino.dll
2009-01-19 19:37 64,828 a--sh--- c:\windows\system32\bamezafu.dll
2009-01-19 19:37 87,277 -------- c:\windows\system32\kopurege.dll
2009-01-18 19:12 133,906 a--sh--- c:\windows\system32\jibogosu.dll
2009-01-18 19:12 99,497 a--sh--- c:\windows\system32\soseyuma.dll
2009-01-18 18:12 63,796 a--sh--- c:\windows\system32\govegomu.dll
2009-01-18 18:12 100,513 a--sh--- c:\windows\system32\dovamewo.dll
2009-01-13 18:24 131,671 a--sh--- c:\windows\system32\kuyubuza.dll
2009-01-13 18:24 99,399 a--sh--- c:\windows\system32\pipibuju.dll
2009-01-12 20:17 131,861 a------- c:\windows\system32\yederoda.dll
2009-01-12 20:17 87,677 a------- c:\windows\system32\femawiko.dll
2009-01-12 19:17 99,970 a------- c:\windows\system32\punehomi.dll
2009-01-12 18:11 64,195 a--sh--- c:\windows\system32\nusuzefa.dll
2008-12-21 22:01 97,940 a--sh--- c:\windows\system32\dimisawo.dll
2008-12-21 22:01 85,100 -------- c:\windows\system32\fifugiku.dll
2008-12-21 11:44 64,000 a------- c:\windows\system32\~.exe
2008-12-21 10:00 83,171 -------- c:\windows\system32\bihawonu.dll
2008-12-21 10:00 95,818 a--sh--- c:\windows\system32\hudiyili.dll
2008-12-20 22:00 87,167 a--sh--- c:\windows\system32\rakedega.dll
2008-12-20 22:00 94,965 a--sh--- c:\windows\system32\nezovefo.dll
2008-12-20 09:54 98,037 a--sh--- c:\windows\system32\kegovahe.dll
2008-12-20 09:54 83,232 a--sh--- c:\windows\system32\difodime.dll
2008-12-18 22:14 3,844 a------- c:\windows\system32\tmp.reg
2008-12-18 19:00 87,154 a--sh--- c:\windows\system32\larihisu.dll
2008-12-18 19:00 96,041 a--sh--- c:\windows\system32\wisepale.dll
2008-12-18 19:00 62,520 a--sh--- c:\windows\system32\fihiyota.dll
2008-12-17 21:07 93,822 a--sh--- c:\windows\system32\suzezufu.dll
2008-12-17 21:07 85,262 a--sh--- c:\windows\system32\meyeyihi.dll
2008-12-17 07:10 93,815 a--sh--- c:\windows\system32\tokivafa.dll
2008-12-16 06:09 2,713 ---sh--- c:\windows\system32\ravoruna.exe
2008-12-03 19:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-07-09 07:13 724,984 a------- c:\documents and settings\XXXXXXXXXX\gotomypc_437.exe
2008-05-29 23:31 70,048 a------- c:\docume~1\meadow~1\applic~1\GDIPFONTCACHEV1.DAT
2008-03-28 18:31 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-01-27 16:36 32 a--sh--- c:\windows\{27364CC4-3A85-46DC-9C3D-102E2DACA8AF}.dat
2007-01-27 16:37 32 a--sh--- c:\windows\{69E35503-C93B-4416-892D-EFF84FD715A2}.dat
0000-00-00 00:00 64,828 a--sh--- c:\windows\system32\hoyobuva.dll
0000-00-00 00:00 64,828 a--sh--- c:\windows\system32\nojutoko.dll
0000-00-00 00:00 64,828 a--sh--- c:\windows\system32\tifupeva.dll
2007-01-27 16:36 32 a--sh--- c:\windows\system32\{8796714E-CE4B-472F-AF4D-324F1FCAFC61}.dat
2007-01-27 16:37 32 a--sh--- c:\windows\system32\{8F9D0A58-1D9E-41CB-B324-230C650C03E2}.dat

============= FINISH: 11:38:44.15 ===============

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.

• Double click on RSIT.exe to run RSIT
• Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT


Please download GMER and unzip it to your Desktop.

• Open the program and click on the Rootkit tab.
• Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
• Click on Scan.
• When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Malwarebytes' Anti-Malware 1.33
Database version: 1713
Windows 5.1.2600 Service Pack 2

2/1/2009 3:00:57 PM
mbam-log-2009-02-01 (15-00-57).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 162107
Time elapsed: 57 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 12
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fatenuva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hoyobuva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nojutoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tifupeva.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\susonuno.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ufaxyf.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15e61691-8e4b-4b67-b4a3-89582bd255b7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15e61691-8e4b-4b67-b4a3-89582bd255b7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{367e4fc8-8927-4564-9727-8e7d56164d76} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{367e4fc8-8927-4564-9727-8e7d56164d76} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{367e4fc8-8927-4564-9727-8e7d56164d76} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15e61691-8e4b-4b67-b4a3-89582bd255b7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90a86e36 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogipigeju (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm939b5daa (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hoyobuva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hoyobuva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hoyobuva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\susonuno.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\susonuno.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ufaxyf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bihawonu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unowahib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\difodime.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emidofid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fatenuva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\avunetaf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\femawiko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okiwamef.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fifugiku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukigufif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kopurege.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egerupok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\larihisu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usihiral.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyeyihi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihiyeyem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rakedega.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agedekar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tifupeva.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\susonuno.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nojutoko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hoyobuva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Temporary Internet Files\Content.IE5\NYNL9MRS\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Temporary Internet Files\Content.IE5\UNRC2C9M\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP746\A0037032.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP765\A0041888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP770\A0043188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP771\A0043202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP772\A0043214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE46BEEE-E4E6-4F7E-ADF9-8304E878CFF3}\RP773\A0043228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jepazeje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kegovahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\punehomi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisepale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bamezafu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dovamewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hiiifo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nezovefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soseyuma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jibogosu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hudiyili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yederoda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxceoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qylplj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuyubuza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dimisawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tokivafa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pipibuju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fihiyota.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.05 (written by random/random)
Run by XXXXXXXXXX at 2009-02-01 15:10:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (56%) free of 24 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:41, on 2/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XXXXXXXXXX\Desktop\RSIT.exe
C:\Program Files\trend micro\XXXXXXXXXX.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.129.184.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169933971691
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\risoyaza.dll ufaxyf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaYoom - fccaYoom.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

--
End of file - 8888 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-842925246-725345543-1003.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\npzhxdde.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-08-20 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2007-01-27 100056]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2005-07-22 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-07-22 49152]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 133104]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\XXXXXXXXXX\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\risoyaza.dll ufaxyf.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaYoom]
fccaYoom.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGyaWoP

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr"
"C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE"="C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE:*:Enabled:AUpdate"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Logitech\Video\CameraAssistant.exe"="C:\Program Files\Logitech\Video\CameraAssistant.exe:*:Enabled:CameraAssistant"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\LVCOMSX.EXE"="C:\WINDOWS\system32\LVCOMSX.EXE:*:Enabled:LVCOMSX"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"D:\Program Files\iTunes\iTunesHelper.exe"="D:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper"
"C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"="C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe:*:Enabled:AcroTray"
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe:*:Enabled:DirectCD"
"C:\WINDOWS\system32\devldr32.exe"="C:\WINDOWS\system32\devldr32.exe:*:Enabled:devldr32"
"C:\WINDOWS\system32\ElkCtrl.exe"="C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ElkCtrl"
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:*:Enabled:hpcmpmgr"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zehekilo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yesigoju.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\telariva.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\putevama.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nusuzefa.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nojuvuva.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mohafilu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lidanufu.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lahekede.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jowujino.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hawivobi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\govegomu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\fasapako.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\duzileru.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dirupahu.dll.tmp
2009-02-01 15:10:33 ----D---- C:\Program Files\trend micro
2009-02-01 15:10:32 ----D---- C:\rsit
2009-02-01 08:30:16 ----SH---- C:\WINDOWS\system32\wibotelo.dll
2009-02-01 08:29:54 ----SH---- C:\WINDOWS\system32\ubopubow.ini
2009-01-31 12:22:34 ----SH---- C:\WINDOWS\system32\bibuwoge.dll
2009-01-31 12:22:33 ----ASH---- C:\WINDOWS\system32\ntxvup.dll
2009-01-24 11:37:34 ----SH---- C:\WINDOWS\system32\juwefisi.dll
2009-01-24 11:37:11 ----SH---- C:\WINDOWS\system32\atoyetit.ini
2009-01-24 11:37:08 ----ASH---- C:\WINDOWS\system32\funpar.dll
2009-01-19 20:37:45 ----SH---- C:\WINDOWS\system32\ejufijov.ini
2009-01-19 20:37:44 ----ASH---- C:\WINDOWS\system32\pzmwuq.dll
2009-01-18 19:12:52 ----SH---- C:\WINDOWS\system32\ekekesih.ini
2009-01-18 18:12:27 ----SH---- C:\WINDOWS\system32\eyumakoy.ini
2009-01-13 18:24:13 ----SH---- C:\WINDOWS\system32\ihikabiw.tmp
2009-01-13 18:24:13 ----SH---- C:\WINDOWS\system32\ihikabiw.ini
2009-01-12 18:11:12 ----SH---- C:\WINDOWS\system32\ivazunuk.ini
2009-01-03 19:40:55 ----D---- C:\WINDOWS\Minidump
2008-12-21 09:56:57 ----D---- C:\Program Files\directx
2008-12-21 09:56:27 ----D---- C:\Program Files\Hasbro Interactive
2008-12-17 21:26:31 ----D---- C:\WINDOWS\ERUNT
2008-12-17 21:20:13 ----D---- C:\SDFix
2008-12-17 07:10:43 ----SH---- C:\WINDOWS\system32\iziyujum.ini
2008-12-16 23:29:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-16 23:28:55 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 23:28:55 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\SUPERAntiSpyware.com
2008-12-16 23:28:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-16 19:50:57 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Malwarebytes
2008-12-16 19:50:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-16 19:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-16 06:09:35 ----SH---- C:\WINDOWS\system32\ravoruna.exe
2008-12-14 22:27:55 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-14 22:02:14 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-14 21:09:27 ----SH---- C:\WINDOWS\system32\ijafoyeb.ini
2008-12-14 12:35:58 ----SH---- C:\WINDOWS\system32\pqudjgfv.ini
2008-12-14 09:10:43 ----D---- C:\VundoFix Backups
2008-12-14 09:10:43 ----A---- C:\VundoFix.txt
2008-12-14 05:22:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-14 05:07:48 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PCToolsFirewallPlus
2008-12-14 05:07:47 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PCToolsSpamMonitorPlus
2008-12-14 05:06:41 ----D---- C:\Program Files\PC Tools Internet Security
2008-12-14 05:06:41 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PC Tools
2008-12-14 05:06:41 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-13 23:49:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-13 23:48:44 ----A---- C:\rapport.txt
2008-12-13 23:48:08 ----D---- C:\SmitfraudFix
2008-12-13 23:42:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-13 23:42:37 ----D---- C:\Program Files\Common Files\PC Tools
2008-12-13 23:39:29 ----SHD---- C:\WINDOWS\CSC
2008-12-13 23:39:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-13 23:13:32 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Help
2008-12-13 13:29:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-13 13:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-13 13:25:53 ----D---- C:\Program Files\Lavasoft
2008-12-13 13:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-13 13:20:16 ----D---- C:\Program Files\NoAdware
2008-12-11 19:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 19:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 19:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 19:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-15 10:58:32 ----D---- C:\Program Files\AviSynth 2.5
2008-11-15 10:58:04 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-15 10:04:18 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\gtk-2.0
2008-11-12 19:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 19:29:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-01 15:10:33 ----RD---- C:\Program Files
2009-02-01 15:10:16 ----D---- C:\WINDOWS\Prefetch
2009-02-01 15:05:06 ----SHD---- C:\Config.Msi
2009-02-01 15:05:06 ----D---- C:\WINDOWS\system32
2009-02-01 15:05:05 ----SHD---- C:\WINDOWS\Installer
2009-02-01 15:05:03 ----D---- C:\WINDOWS\Temp
2009-02-01 15:05:02 ----D---- C:\Program Files\Mozilla Firefox
2009-02-01 15:03:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-01 15:02:56 ----D---- C:\Program Files\Common Files
2009-02-01 15:02:28 ----D---- C:\WINDOWS\system32\drivers
2009-02-01 15:02:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-31 11:36:13 ----SD---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Microsoft
2009-01-25 22:37:17 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Skype
2009-01-24 20:25:17 ----HD---- C:\WINDOWS\inf
2009-01-24 20:25:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-24 11:50:11 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Mozilla
2009-01-12 18:23:17 ----SD---- C:\WINDOWS\Tasks
2009-01-03 19:40:55 ----D---- C:\WINDOWS
2008-12-21 09:56:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-19 02:56:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 22:11:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 21:07:45 ----ASH---- C:\WINDOWS\system32\suzezufu.dll
2008-12-15 23:12:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 22:27:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-14 22:26:00 ----A---- C:\WINDOWS\wininit.ini
2008-12-14 08:02:34 ----D---- C:\WINDOWS\system
2008-12-13 20:37:48 ----D---- C:\Program Files\Vstplugins
2008-12-13 13:22:04 ----D---- C:\Program Files\MyPublisher
2008-12-13 08:41:15 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Adobe
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 19:33:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 19:33:27 ----D---- C:\Program Files\Internet Explorer
2008-12-11 19:30:13 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\skypePM
2008-11-12 19:29:13 ----D---- C:\WINDOWS\WinSxS
2008-11-09 22:50:21 ----D---- C:\Program Files\Skype
2008-11-07 22:04:55 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-12-05 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-12-05 2010240]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-12-05 1103488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-07-17 93952]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ADM8211;Wireless PC Card; C:\WINDOWS\system32\DRIVERS\WLANPCI.sys [2003-01-28 86656]
S3 catchme;catchme; \??\C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 FWAuth;FWAuth Driver; \??\C:\WINDOWS\system32\drivers\FWAuthDriver.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40872]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66984]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81320]
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080116.038\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080116.038\NavEx15.Sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-16 434176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-30 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-28 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 navapsvc;Norton AntiVirus Auto Protect Service; D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-08-19 116336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Internet Security\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Internet Security\pctsSvc.exe [2008-10-15 1079208]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 ThreatFire;ThreatFire; C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe [2008-06-06 66880]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-01 15:10:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe

RealNetworks|RealPlayer|6.0
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{58DD5143-4417-4F43-A7DD-5B8B29CEDBEA}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132

C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common

Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common

Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe

/X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe

/I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe

/I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe

/I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe

/I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe

/I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe

/I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe

/I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe

/I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Device Central CS3-->MsiExec.exe

/I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common

Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe

/I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash CS3 Professional-->C:\Program Files\Common

Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10

Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe

/X{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}
Adobe Flash Player 9 ActiveX-->MsiExec.exe

/X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe

/I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe

/I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"D:\Program

Files\Adobe\Photoshop 7.0\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop

7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE

C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe

/I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe

/I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe

/I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AnalogX Vocal Remover (WinAmp)-->D:\Program Files\Plugins\wavremu.exe
Apple Mobile Device Support-->MsiExec.exe

/I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver-->rundll32

C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16

-force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avidemux 2.4-->D:\Program Files\Avidemux 2.4\uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Blender (remove only)-->"D:\Program Files\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst

C:\PROGRA~1\Citrix\icaweb32\uninst.inf
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->D:\Program

Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe

/I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FoodWise-->D:\PROGRA~1\FoodWise\UNWISE.EXE D:\PROGRA~1\FoodWise\INSTALL.LOG
Google Talk Plugin-->MsiExec.exe /I{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}
HijackThis 2.0.2-->"C:\Documents and

Settings\XXXXXXXXXX\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7

(KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK

(KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11

(KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP

(KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP

(KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP

(KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP

(KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3740 Series-->rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3740

Series
HP Deskjet 3740-->msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe

/I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe

/I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jeopardy! 2nd Edition-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{DADE7970-4E6A-11D4-8BA5-0050BAAA20E2}\setup.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec

Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program

Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech QuickCam Software-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchS

etup "C:\Program Files\InstallShield Installation

Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common

Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes'

Anti-Malware\unins000.exe"
Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe

"Memorex exPressit Label Design Studio"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe

/I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows

XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation

APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spunins

t.exe"
Microsoft National Language Support Downlevel

APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuni

nst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe

/I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe

/X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack

1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe

/X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla

Firefox\uninstall\helper.exe
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton SystemWorks 2003-->MsiExec.exe

/I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
PC Tools Internet Security 2009-->C:\Program Files\PC Tools Internet

Security\unins000.exe /SILENT /LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pdf995-->D:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995-->D:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe -

uninstall
Picasa 2-->"D:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe

RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7

(KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7

(KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder

(KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player

(KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player

(KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11

(KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11

(KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4

(KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9

(KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe

C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP

(KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shutterfly Plugin-->D:\PROGRA~1\SHUTTE~1\UNWISE.EXE

D:\PROGRA~1\SHUTTE~1\INSTALL.LOG
Sibelius Scorch-->MsiExec.exe /I{51C65CD6-A344-41B5-81E2-3CCAC8024F68}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Special Delivery-->MsiExec.exe /I{99269AE3-B07E-4E9F-A45A-52DE857EB85C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search &

Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe

/X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TaxCut Premium 2006-->D:\PROGRA~1\TaxCut06\Program\removetc.exe
The Sims™ 2 Double Deluxe-->D:\Program Files\EA GAMES\The Sims 2 Double

Deluxe\EAUninstall.exe
Trillian-->D:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP

(KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP

(KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP

(KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP

(KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP

(KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP

(KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP

(KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP

(KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP

(KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP

(KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP

(KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP

(KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP

(KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP

(KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP

(KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP

(KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP

(KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP

(KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP

(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP

(KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoThang™ 2.1.0-->"D:\Program Files\VideoThangTM\unins000.exe"
Windows Installer 3.1

(KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I

{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe

/I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media

Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11

runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media

Player\Setup_wm.exe" /Uninstall
Windows Media Player

11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix -

KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix -

KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix -

KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix -

KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix -

KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix -

KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix -

KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix -

KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix -

KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Internet Security Anti-Virus (disabled)
FW: Internet Security Firewall (disabled)

System event log

Computer Name: XXXXXXXXXX
Event Code: 7036
Message: The Symantec Password Validation Service service entered the running

state.

Record Number: 40346
Source Name: Service Control Manager
Time Written: 20081213225631.000000-300
Event Type: information
User:

Computer Name: XXXXXXXXXX
Event Code: 7035
Message: The Symantec Password Validation Service service was successfully

sent a start control.

Record Number: 40345
Source Name: Service Control Manager
Time Written: 20081213225631.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: XXXXXXXXXX
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 40344
Source Name: Service Control Manager
Time Written: 20081213225625.000000-300
Event Type: information
User:

Computer Name: XXXXXXXXXX
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start

control.

Record Number: 40343
Source Name: Service Control Manager
Time Written: 20081213225624.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: XXXXXXXXXX
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 40342
Source Name: Service Control Manager
Time Written: 20081213225622.000000-300
Event Type: information
User:

Application event log

Computer Name: XXXXXXXXXX
Event Code: 1001
Message: Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}',

feature 'Phone' failed during request for component

'{57FF4446-590E-4894-AE39-D55928DBDE01}'

Record Number: 9479
Source Name: MsiInstaller
Time Written: 20090125222708.000000-300
Event Type: warning
User: XXXXXXXXXX\XXXXXXXXXX

Computer Name: XXXXXXXXXX
Event Code: 1004
Message: Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}',

feature 'Phone', component '{98916693-F0B5-4923-8BC6-1F0E6A883411}' failed.

The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\FE_label' does not

exist.

Record Number: 9478
Source Name: MsiInstaller
Time Written: 20090125222708.000000-300
Event Type: warning
User: XXXXXXXXXX\XXXXXXXXXX

Computer Name: XXXXXXXXXX
Event Code: 20
Message:
Record Number: 9477
Source Name: Google Update
Time Written: 20090125215553.000000-300
Event Type: error
User: XXXXXXXXXX\XXXXXXXXXX

Computer Name: XXXXXXXXXX
Event Code: 20
Message:
Record Number: 9476
Source Name: Google Update
Time Written: 20090125205553.000000-300
Event Type: error
User: XXXXXXXXXX\XXXXXXXXXX

Computer Name: XXXXXXXXXX
Event Code: 20
Message:
Record Number: 9475
Source Name: Google Update
Time Written: 20090125195553.000000-300
Event Type: error
User: XXXXXXXXXX\XXXXXXXXXX

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Progr

am Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common

Files\Adaptec Shared\System;C:\Program Files\Common

Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached is the GMER log file.

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\risoyaza.dll ufaxyf.dll
O20 - Winlogon Notify: fccaYoom - fccaYoom.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer

• Save it to your Desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  :processes
  explorer.exe
  
  :services
  
  :files
  C:\WINDOWS\tasks\npzhxdde.job
  c:\windows\system32\risoyaza.dll
  c:\windows\system32\ufaxyf.dll
  C:\WINDOWS\system32\zehekilo.dll
  C:\WINDOWS\system32\yesigoju.dll.tmp
  C:\WINDOWS\system32\telariva.dll
  C:\WINDOWS\system32\putevama.dll
  C:\WINDOWS\system32\nusuzefa.dll
  C:\WINDOWS\system32\nojuvuva.dll
  C:\WINDOWS\system32\mohafilu.dll
  C:\WINDOWS\system32\lidanufu.dll.tmp
  C:\WINDOWS\system32\lahekede.dll.tmp
  C:\WINDOWS\system32\jowujino.dll
  C:\WINDOWS\system32\hawivobi.dll
  C:\WINDOWS\system32\govegomu.dll
  C:\WINDOWS\system32\fasapako.dll.tmp
  C:\WINDOWS\system32\duzileru.dll.tmp
  C:\WINDOWS\system32\dirupahu.dll.tmp
  C:\WINDOWS\system32\wibotelo.dll
  C:\WINDOWS\system32\ubopubow.ini
  C:\WINDOWS\system32\bibuwoge.dll
  C:\WINDOWS\system32\ntxvup.dll
  C:\WINDOWS\system32\juwefisi.dll
  C:\WINDOWS\system32\atoyetit.ini
  C:\WINDOWS\system32\funpar.dll
  C:\WINDOWS\system32\ejufijov.ini
  C:\WINDOWS\system32\pzmwuq.dll
  C:\WINDOWS\system32\ekekesih.ini
  C:\WINDOWS\system32\eyumakoy.ini
  C:\WINDOWS\system32\ihikabiw.tmp
  C:\WINDOWS\system32\ihikabiw.ini
  C:\WINDOWS\system32\ivazunuk.ini
  C:\WINDOWS\system32\iziyujum.ini
  C:\WINDOWS\system32\ravoruna.exe
  C:\WINDOWS\system32\ijafoyeb.ini
  C:\WINDOWS\system32\pqudjgfv.ini
  C:\WINDOWS\system32\suzezufu.dll
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLS"=""
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaYoom]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]

• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

After running HijackThis, I see all the entries except:

4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

Did you mean:

O4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

I just wanted to make sure.

After running HijackThis, I see all the entries except:

4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

Did you mean:

O4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

I just wanted to make sure.

Yup that's one.. Sorry.. my fault for the typo

After running HijackThis, I see all the entries except:

4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

Did you mean:

O4 - HKUS\S-1-5-19\..\Run: [mogipigeju] Rundll32.exe "C:\WINDOWS\system32\tifupeva.dll",s (User 'LOCAL SERVICE')

I just wanted to make sure.

Yup that's one.. Sorry.. my fault for the typo

Here are the OTMoveIt3 and RSIT logs. FYI: When the system rebooted a RUNDLL error popped up. It read, "Error loading C:\WINDOWS\system32\suzezufu.dll. The specified module could not be found."

OTMoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\tasks\npzhxdde.job moved successfully.
File/Folder c:\windows\system32\risoyaza.dll not found.
File/Folder c:\windows\system32\ufaxyf.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\zehekilo.dll
C:\WINDOWS\system32\zehekilo.dll NOT unregistered.
C:\WINDOWS\system32\zehekilo.dll moved successfully.
C:\WINDOWS\system32\yesigoju.dll.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\telariva.dll
C:\WINDOWS\system32\telariva.dll NOT unregistered.
C:\WINDOWS\system32\telariva.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\putevama.dll
C:\WINDOWS\system32\putevama.dll NOT unregistered.
C:\WINDOWS\system32\putevama.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nusuzefa.dll
C:\WINDOWS\system32\nusuzefa.dll NOT unregistered.
C:\WINDOWS\system32\nusuzefa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nojuvuva.dll
C:\WINDOWS\system32\nojuvuva.dll NOT unregistered.
C:\WINDOWS\system32\nojuvuva.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mohafilu.dll
C:\WINDOWS\system32\mohafilu.dll NOT unregistered.
C:\WINDOWS\system32\mohafilu.dll moved successfully.
C:\WINDOWS\system32\lidanufu.dll.tmp moved successfully.
C:\WINDOWS\system32\lahekede.dll.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jowujino.dll
C:\WINDOWS\system32\jowujino.dll NOT unregistered.
C:\WINDOWS\system32\jowujino.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hawivobi.dll
C:\WINDOWS\system32\hawivobi.dll NOT unregistered.
C:\WINDOWS\system32\hawivobi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\govegomu.dll
C:\WINDOWS\system32\govegomu.dll NOT unregistered.
C:\WINDOWS\system32\govegomu.dll moved successfully.
C:\WINDOWS\system32\fasapako.dll.tmp moved successfully.
C:\WINDOWS\system32\duzileru.dll.tmp moved successfully.
C:\WINDOWS\system32\dirupahu.dll.tmp moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wibotelo.dll
C:\WINDOWS\system32\wibotelo.dll NOT unregistered.
C:\WINDOWS\system32\wibotelo.dll moved successfully.
C:\WINDOWS\system32\ubopubow.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\bibuwoge.dll
C:\WINDOWS\system32\bibuwoge.dll NOT unregistered.
C:\WINDOWS\system32\bibuwoge.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ntxvup.dll
C:\WINDOWS\system32\ntxvup.dll NOT unregistered.
C:\WINDOWS\system32\ntxvup.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\juwefisi.dll
C:\WINDOWS\system32\juwefisi.dll NOT unregistered.
C:\WINDOWS\system32\juwefisi.dll moved successfully.
C:\WINDOWS\system32\atoyetit.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\funpar.dll
C:\WINDOWS\system32\funpar.dll NOT unregistered.
C:\WINDOWS\system32\funpar.dll moved successfully.
C:\WINDOWS\system32\ejufijov.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pzmwuq.dll
C:\WINDOWS\system32\pzmwuq.dll NOT unregistered.
C:\WINDOWS\system32\pzmwuq.dll moved successfully.
C:\WINDOWS\system32\ekekesih.ini moved successfully.
C:\WINDOWS\system32\eyumakoy.ini moved successfully.
C:\WINDOWS\system32\ihikabiw.tmp moved successfully.
C:\WINDOWS\system32\ihikabiw.ini moved successfully.
C:\WINDOWS\system32\ivazunuk.ini moved successfully.
C:\WINDOWS\system32\iziyujum.ini moved successfully.
C:\WINDOWS\system32\ravoruna.exe moved successfully.
C:\WINDOWS\system32\ijafoyeb.ini moved successfully.
C:\WINDOWS\system32\pqudjgfv.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\suzezufu.dll
C:\WINDOWS\system32\suzezufu.dll NOT unregistered.
C:\WINDOWS\system32\suzezufu.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\fccaYoom\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication

Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed.

C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\etilqs_LUbdUHAk0joMdhOIScw2 scheduled to

be deleted on reboot.
File delete failed. C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\~DF3495.tmp scheduled

to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local

Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be

deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_001_ scheduled to

be deleted on reboot.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_002_ scheduled to

be deleted on reboot.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_003_ scheduled to

be deleted on reboot.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_MAP_ scheduled to

be deleted on reboot.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\urlclassifier3.sqlite

scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XXXXXXXXXX\Local

Settings\Application Data\Mozilla\Firefox\Profiles\sxiznyuw.default\XUL.mfl

scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_213942

Files moved on Reboot...
File C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\etilqs_LUbdUHAk0joMdhOIScw2 not

found!
C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\~DF3495.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local

Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved

on reboot.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_001_ moved

successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_002_ moved

successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_003_ moved

successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\Cache\_CACHE_MAP_ moved

successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\urlclassifier3.sqlite moved

successfully.
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application

Data\Mozilla\Firefox\Profiles\sxiznyuw.default\XUL.mfl moved successfully.


RSIT Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by XXXXXXXXXX at 2009-02-03 21:49:43
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (56%) free of 24 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:51, on 2/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XXXXXXXXXX\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\XXXXXXXXXX.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.129.184.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CPM939b5daa] Rundll32.exe "C:\WINDOWS\system32\suzezufu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169933971691
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\telariva.dll c:\windows\system32\nojuvuva.dll c:\windows\system32\jowujino.dll c:\windows\system32\hawivobi.dll c:\windows\system32\suzezufu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzezufu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzezufu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

--
End of file - 9063 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-842925246-725345543-1003.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-08-20 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2007-01-27 100056]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2005-07-22 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-07-22 49152]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"CPM939b5daa"=C:\WINDOWS\system32\suzezufu.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 133104]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\XXXXXXXXXX\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\telariva.dll c:\windows\system32\nojuvuva.dll c:\windows\system32\jowujino.dll c:\windows\system32\hawivobi.dll c:\windows\system32\suzezufu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzezufu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzezufu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk

Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Google Talk

Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr"
"C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE"="C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE:*:Enabled:AUpdate"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Logitech\Video\CameraAssistant.exe"="C:\Program Files\Logitech\Video\CameraAssistant.exe:*:Enabled:CameraAssistant"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\LVCOMSX.EXE"="C:\WINDOWS\system32\LVCOMSX.EXE:*:Enabled:LVCOMSX"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"D:\Program Files\iTunes\iTunesHelper.exe"="D:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper"
"C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"="C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe:*:Enabled:AcroTray"
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe:*:Enabled:DirectCD"
"C:\WINDOWS\system32\devldr32.exe"="C:\WINDOWS\system32\devldr32.exe:*:Enabled:devldr32"
"C:\WINDOWS\system32\ElkCtrl.exe"="C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ElkCtrl"
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:*:Enabled:hpcmpmgr"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-02-03 21:39:42 ----D---- C:\_OTMoveIt
2009-02-01 21:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-01 21:00:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-01 15:13:00 ----A---- C:\WINDOWS\gmer.ini
2009-02-01 15:12:58 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-01 15:12:58 ----A---- C:\WINDOWS\gmer.exe
2009-02-01 15:12:58 ----A---- C:\WINDOWS\gmer.dll
2009-02-01 15:10:33 ----D---- C:\Program Files\trend micro
2009-02-01 15:10:32 ----D---- C:\rsit
2009-01-03 19:40:55 ----D---- C:\WINDOWS\Minidump
2008-12-21 09:56:57 ----D---- C:\Program Files\directx
2008-12-21 09:56:27 ----D---- C:\Program Files\Hasbro Interactive
2008-12-17 21:26:31 ----D---- C:\WINDOWS\ERUNT
2008-12-17 21:20:13 ----D---- C:\SDFix
2008-12-16 23:29:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-16 23:28:55 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 23:28:55 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\SUPERAntiSpyware.com
2008-12-16 23:28:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-16 19:50:57 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Malwarebytes
2008-12-16 19:50:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-16 19:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 22:27:55 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-14 22:02:14 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-14 09:10:43 ----D---- C:\VundoFix Backups
2008-12-14 09:10:43 ----A---- C:\VundoFix.txt
2008-12-14 05:22:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-14 05:07:48 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PCToolsFirewallPlus
2008-12-14 05:07:47 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PCToolsSpamMonitorPlus
2008-12-14 05:06:41 ----D---- C:\Program Files\PC Tools Internet Security
2008-12-14 05:06:41 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\PC Tools
2008-12-14 05:06:41 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-13 23:49:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-13 23:48:44 ----A---- C:\rapport.txt
2008-12-13 23:48:08 ----D---- C:\SmitfraudFix
2008-12-13 23:42:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-13 23:42:37 ----D---- C:\Program Files\Common Files\PC Tools
2008-12-13 23:39:29 ----SHD---- C:\WINDOWS\CSC
2008-12-13 23:39:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-13 23:13:32 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Help
2008-12-13 13:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-13 13:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-13 13:20:16 ----D---- C:\Program Files\NoAdware
2008-12-11 19:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 19:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 19:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 19:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-15 10:58:32 ----D---- C:\Program Files\AviSynth 2.5
2008-11-15 10:58:04 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-15 10:04:18 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\gtk-2.0
2008-11-12 19:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 19:29:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-03 21:42:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-03 21:42:35 ----D---- C:\WINDOWS\Temp
2009-02-03 21:42:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-03 21:42:30 ----RD---- C:\Program Files
2009-02-03 21:42:30 ----D---- C:\Program Files\Common Files
2009-02-03 21:40:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 21:40:33 ----D---- C:\WINDOWS\Prefetch
2009-02-03 21:40:00 ----D---- C:\WINDOWS\system32
2009-02-03 21:39:42 ----SD---- C:\WINDOWS\Tasks
2009-02-03 21:00:23 ----SHD---- C:\WINDOWS\Installer
2009-02-03 21:00:23 ----SHD---- C:\Config.Msi
2009-02-02 22:31:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-01 21:09:15 ----D---- C:\WINDOWS
2009-02-01 21:02:43 ----HD---- C:\WINDOWS\inf
2009-02-01 21:02:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-01 21:02:40 ----D---- C:\WINDOWS\system32\drivers
2009-02-01 21:02:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-31 11:36:13 ----SD---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Microsoft
2009-01-25 22:37:17 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Skype
2009-01-24 11:50:11 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Mozilla
2008-12-21 09:56:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-17 22:12:15 ----A---- C:\WINDOWS\imsins.BAK
2008-12-15 23:12:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 22:27:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-14 22:26:00 ----A---- C:\WINDOWS\wininit.ini
2008-12-14 08:02:34 ----D---- C:\WINDOWS\system
2008-12-13 20:37:48 ----D---- C:\Program Files\Vstplugins
2008-12-13 13:22:04 ----D---- C:\Program Files\MyPublisher
2008-12-13 08:41:15 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\Adobe
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 19:33:27 ----D---- C:\Program Files\Internet Explorer
2008-12-11 19:30:13 ----D---- C:\Documents and Settings\XXXXXXXXXX\Application Data\skypePM
2008-11-12 19:29:13 ----D---- C:\WINDOWS\WinSxS
2008-11-09 22:50:21 ----D---- C:\Program Files\Skype
2008-11-07 22:04:55 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-12-05 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-12-05 2010240]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-12-05 1103488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-07-17 93952]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ADM8211;Wireless PC Card; C:\WINDOWS\system32\DRIVERS\WLANPCI.sys [2003-01-28 86656]
S3 catchme;catchme; \??\C:\DOCUME~1\MEADOW~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 FWAuth;FWAuth Driver; \??\C:\WINDOWS\system32\drivers\FWAuthDriver.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-01 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40872]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66984]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81320]
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080116.038\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080116.038\NavEx15.Sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-16 434176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-30 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-28 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 navapsvc;Norton AntiVirus Auto Protect Service; D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-08-19 116336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Internet Security\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Internet Security\pctsSvc.exe [2008-10-15 1079208]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 ThreatFire;ThreatFire; C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe [2008-06-06 66880]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []

-----------------EOF-----------------

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

ComboFix Log

ComboFix 09-02-02.04 - XXXXXXXXXX 2009-02-03 23:27:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.534 [GMT -5:00]
Running from: c:\documents and settings\XXXXXXXXXX\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated)
FW: Internet Security Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XXXXXXXXXX\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\tmp.reg
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-03 21:39 . 2009-02-03 21:39 <DIR> d-------- C:\_OTMoveIt
2009-02-01 15:13 . 2009-02-01 15:13 250 --a------ c:\windows\gmer.ini
2009-02-01 15:10 . 2009-02-01 15:10 <DIR> d-------- C:\rsit
2009-02-01 15:10 . 2009-02-02 22:42 <DIR> d-------- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 04:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 04:29 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-03 03:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-01 18:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 03:37 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\Skype
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-21 14:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 14:56 --------- d-----w c:\program files\Hasbro Interactive
2008-12-21 14:56 --------- d-----w c:\program files\directx
2008-12-17 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 04:28 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-17 04:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 04:28 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\SUPERAntiSpyware.com
2008-12-17 00:50 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\Malwarebytes
2008-12-17 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 04:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 04:44 --------- d-----w c:\program files\PC Tools Internet Security
2008-12-15 04:16 --------- d-----w c:\program files\EsetOnlineScanner
2008-12-15 03:12 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-15 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-14 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-14 10:07 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\PCToolsSpamMonitorPlus
2008-12-14 10:07 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\PCToolsFirewallPlus
2008-12-14 10:06 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-14 10:06 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\PC Tools
2008-12-14 10:06 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-12-14 01:37 --------- d-----w c:\program files\Vstplugins
2008-12-13 18:22 --------- d-----w c:\program files\NoAdware
2008-12-13 18:22 --------- d-----w c:\program files\MyPublisher
2008-12-12 00:30 --------- d-----w c:\documents and settings\XXXXXXXXXX\Application Data\skypePM
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-07-09 12:13 724,984 ----a-w c:\documents and settings\XXXXXXXXXX\gotomypc_437.exe
2008-05-30 04:31 70,048 ----a-w c:\documents and settings\XXXXXXXXXX\Application Data\GDIPFONTCACHEV1.DAT
2008-03-28 23:31 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-10 21:40 6,275,816 ----a-w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-01-27 21:36 32 --sha-w c:\windows\{27364CC4-3A85-46DC-9C3D-102E2DACA8AF}.dat
2007-01-27 21:37 32 --sha-w c:\windows\{69E35503-C93B-4416-892D-EFF84FD715A2}.dat
2007-01-27 21:36 32 --sha-w c:\windows\system32\{8796714E-CE4B-472F-AF4D-324F1FCAFC61}.dat
2007-01-27 21:37 32 --sha-w c:\windows\system32\{8F9D0A58-1D9E-41CB-B324-230C650C03E2}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-16 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-01-27 100056]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-22 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-22 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="d:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

c:\documents and settings\XXXXXXXXXX\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-17 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-02-18 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-17 113664]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\XXXXXXXXXX\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\XXXXXXXXXX\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AUPDATE.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"=
"c:\\WINDOWS\\system32\\LVCOMSX.EXE"=
"d:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Distillr\\AcroTray.exe"=
"c:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\Directcd.exe"=
"c:\\WINDOWS\\system32\\devldr32.exe"=
"c:\\WINDOWS\\system32\\ElkCtrl.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-14 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-14 38208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
S3 ADM8211;Wireless PC Card;c:\windows\system32\drivers\WLANPCI.sys [2003-01-28 86656]
S3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthDriver.sys [2008-12-14 58152]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [2008-12-14 356920]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-14 33088]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2008-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-842925246-725345543-1003.job
- c:\documents and settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 17:34]

2008-12-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- d:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-19 22:24]

2008-05-16 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- d:\program files\Norton SystemWorks\OBC.exe [2002-08-29 21:30]

2009-02-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM939b5daa - c:\windows\system32\suzezufu.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 193.129.184.167:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\XXXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\sxiznyuw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\XXXXXXXXXX\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: d:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 23:30:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-02-03 23:32:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-04 04:32:49

Pre-Run: 13,942,104,064 bytes free
Post-Run: 13,876,068,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

213 --- E O F --- 2009-02-04 02:00:23

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:05, on 2/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.129.184.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XXXXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169933971691
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

--
End of file - 8824 bytes

Repeat the OTMoveIt3 step but this time with below script.. Post the log here after that..

:files
c:\windows\{27364CC4-3A85-46DC-9C3D-102E2DACA8AF}.dat
c:\windows\{69E35503-C93B-4416-892D-EFF84FD715A2}.dat
c:\windows\system32\{8796714E-CE4B-472F-AF4D-324F1FCAFC61}.dat
c:\windows\system32\{8F9D0A58-1D9E-41CB-B324-230C650C03E2}.dat

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan
  Wait for the scan to finish
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

Post me these logs in your next reply

1. OTMoveIt3
2. ESET Online Scanner
3. How's the computer now?

I did the OTMoveIt3 step and have posted the log below but I could not run the ESET Online Scanner. I used Internet Explorer and tried both the .eu and .com sites, but the ActiveX control could not be installed. Is there another online scanner I can use? I haven't experienced any pop ups tonight, so that's a good sign!

OTMoveIt3

========== FILES ==========
c:\windows\{27364CC4-3A85-46DC-9C3D-102E2DACA8AF}.dat moved successfully.
c:\windows\{69E35503-C93B-4416-892D-EFF84FD715A2}.dat moved successfully.
c:\windows\system32\{8796714E-CE4B-472F-AF4D-324F1FCAFC61}.dat moved successfully.
c:\windows\system32\{8F9D0A58-1D9E-41CB-B324-230C650C03E2}.dat moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02042009_220956