Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please


  • This topic is locked This topic is locked
8 replies to this topic

#1 Donny5001

Donny5001

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 11 March 2009 - 05:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28, on 2009-03-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\StacSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe svchostw.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10510 bytes

BC AdBot (Login to Remove)

 


#2 Donny5001

Donny5001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 15 March 2009 - 03:46 PM

Title was: virusremover 2009, 360, more?, Please Help ~ OB

I have run many free virus removers (SUPERAntiSpyware, Counterspy, AVG, Threatfire, Malwarebytes) and even a Kaspersky (it was at 7.0 because this is my school laptop and it was installed on my desktop but I can't find the activation code) but they either don't find it or for some reason can't remove them (KAV didn't find it at all ): ). I am running the HiJackThis as I am typing this up

If anyone can help me remove these that would be great!!!

****I get popups with headline removespywarethreats.com 2009 and also online computer scan...






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45, on 2009-03-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10868 bytes

Edited by Orange Blossom, 16 March 2009 - 10:55 PM.


#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:08 PM

Posted 18 March 2009 - 11:47 AM

Hello Donny5001,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of the SmitfraudFix report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Donny5001

Donny5001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 19 March 2009 - 11:10 PM

SmitFraudFix v2.405

Scan done at 20:30:40.01, 2009-03-19
Run from C:\Documents and Settings\Student\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Student


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Student\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Student\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Student\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C82D853-A300-4903-A70A-CB0D967DAB9C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C82D853-A300-4903-A70A-CB0D967DAB9C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6C82D853-A300-4903-A70A-CB0D967DAB9C}: DhcpNameServer=192.168.128.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:08 PM

Posted 20 March 2009 - 12:25 AM

Hi Donny,


I get popups with headline removespywarethreats.com 2009 and also online computer scan


SmitfraudFix did not find it, so we will dig deeper.

Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find a detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<info.txt (< info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 20 March 2009 - 12:30 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Donny5001

Donny5001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 20 March 2009 - 04:21 PM

Here is Lop I am running second program now




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron™ Processor 3600+ )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : Student ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 7.0.0.125 (Not Activated)
Firewall : Kaspersky Anti-Virus 7.0.0.125 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-03-20|14:14 )

--------------------\\ Listing folders in APPLIC~1

[2008-07-17|19:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[2004-08-11|15:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2008-07-17|18:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[2009-03-12|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2008-07-17|18:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[2008-07-17|19:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wave Systems Corp

[2008-09-12|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-09-24|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-07-17|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
[2009-03-13|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2009-03-20|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[2009-03-11|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2009-02-07|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-07-17|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NTRU Cryptosystems
[2009-03-11|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[2008-09-12|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RosettaStoneLtdServices
[2004-08-11|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2009-03-14|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2009-03-11|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt
[2009-03-14|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[2009-03-20|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-07-17|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wave Systems Corp
[2008-08-28|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2009-02-04|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[2009-02-04|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2008-07-17|19:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[2004-08-11|15:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2008-07-17|18:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[2008-07-17|18:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-07-17|18:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[2008-07-17|19:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Wave Systems Corp

[2009-03-12|21:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2009-03-12|21:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-09-12|15:20] C:\DOCUME~1\Student\APPLIC~1\Adobe
[2008-09-12|15:21] C:\DOCUME~1\Student\APPLIC~1\AdobeUM
[2008-07-17|19:16] C:\DOCUME~1\Student\APPLIC~1\ATI
[2009-03-12|21:05] C:\DOCUME~1\Student\APPLIC~1\AVGTOOLBAR
[2008-08-04|08:02] C:\DOCUME~1\Student\APPLIC~1\CyberLink
[2008-08-04|08:02] C:\DOCUME~1\Student\APPLIC~1\Dell
[2009-02-04|12:11] C:\DOCUME~1\Student\APPLIC~1\Google
[2004-08-11|15:20] C:\DOCUME~1\Student\APPLIC~1\Identities
[2008-07-17|18:59] C:\DOCUME~1\Student\APPLIC~1\InstallShield
[2008-09-12|13:41] C:\DOCUME~1\Student\APPLIC~1\Macromedia
[2009-03-11|16:39] C:\DOCUME~1\Student\APPLIC~1\Malwarebytes
[2009-03-18|21:47] C:\DOCUME~1\Student\APPLIC~1\Microsoft
[2008-08-04|08:03] C:\DOCUME~1\Student\APPLIC~1\Mozilla
[2009-03-20|14:08] C:\DOCUME~1\Student\APPLIC~1\OpenOffice.org2
[2008-07-17|18:57] C:\DOCUME~1\Student\APPLIC~1\Sun
[2009-03-11|18:34] C:\DOCUME~1\Student\APPLIC~1\Sunbelt
[2009-03-14|11:46] C:\DOCUME~1\Student\APPLIC~1\SUPERAntiSpyware.com
[2008-07-17|19:09] C:\DOCUME~1\Student\APPLIC~1\Wave Systems Corp
[2009-02-04|12:12] C:\DOCUME~1\Student\APPLIC~1\Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[2009-03-09 07:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-04 03:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[2008-09-12|08:00] C:\Program Files\Adobe
[2008-07-17|18:42] C:\Program Files\Apoint
[2009-02-12|12:12] C:\Program Files\Ascentive
[2008-07-17|19:00] C:\Program Files\ATI Technologies
[2009-01-30|13:36] C:\Program Files\AVG
[2008-07-17|19:00] C:\Program Files\Broadcom
[2009-01-30|13:59] C:\Program Files\CCleaner
[2009-03-14|11:45] C:\Program Files\Common Files
[2004-08-11|15:12] C:\Program Files\ComPlus Applications
[2008-07-17|19:14] C:\Program Files\CONEXANT
[2008-07-17|19:17] C:\Program Files\CyberLink
[2008-07-17|19:16] C:\Program Files\Dell
[2008-07-17|18:59] C:\Program Files\Digital Line Detect
[2008-07-17|19:07] C:\Program Files\Fingerprint Sensor
[2009-03-15|12:19] C:\Program Files\Google
[2009-02-12|12:12] C:\Program Files\InstallShield Installation Information
[2009-03-18|21:18] C:\Program Files\Internet Explorer
[2009-03-10|09:47] C:\Program Files\Java
[2009-03-12|21:33] C:\Program Files\Kaspersky Lab
[2009-03-11|16:39] C:\Program Files\Malwarebytes' Anti-Malware
[2008-08-28|10:58] C:\Program Files\Messenger
[2004-08-11|15:15] C:\Program Files\microsoft frontpage
[2008-08-28|09:45] C:\Program Files\Movie Maker
[2009-03-20|14:12] C:\Program Files\Mozilla Firefox
[2009-01-30|13:56] C:\Program Files\MSECACHE
[2004-08-11|15:11] C:\Program Files\MSN
[2004-08-11|15:11] C:\Program Files\MSN Gaming Zone
[2008-08-28|10:56] C:\Program Files\MSXML 4.0
[2008-07-17|18:56] C:\Program Files\MSXML 6.0
[2008-08-28|09:43] C:\Program Files\NetMeeting
[2008-07-17|18:59] C:\Program Files\NetWaiting
[2008-07-17|19:03] C:\Program Files\NTRU Cryptosystems
[2009-01-30|18:21] C:\Program Files\OpenOffice.org 2.4
[2008-08-28|09:43] C:\Program Files\Outlook Express
[2009-03-11|13:58] C:\Program Files\Panda Security
[2008-09-24|13:38] C:\Program Files\QuickTime
[2008-09-12|13:45] C:\Program Files\RosettaStoneLtdServices
[2008-07-17|19:14] C:\Program Files\Sigmatel
[2009-03-11|11:07] C:\Program Files\Spybot - Search & Destroy
[2009-03-11|08:23] C:\Program Files\SpywareBlaster
[2009-03-11|18:33] C:\Program Files\Sunbelt Software
[2009-03-14|11:46] C:\Program Files\SUPERAntiSpyware
[2009-03-10|15:17] C:\Program Files\ThreatFire
[2009-03-11|15:27] C:\Program Files\Trend Micro
[2004-08-11|15:20] C:\Program Files\Uninstall Information
[2008-07-17|19:11] C:\Program Files\Wave Systems Corp
[2009-01-30|13:56] C:\Program Files\Windows Installer Clean Up
[2009-02-27|07:41] C:\Program Files\Windows Media Connect 2
[2009-02-27|07:41] C:\Program Files\Windows Media Player
[2008-08-28|09:43] C:\Program Files\Windows NT
[2004-08-11|15:13] C:\Program Files\WindowsUpdate
[2004-08-11|15:15] C:\Program Files\xerox
[2009-02-04|12:12] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[2008-09-12|15:22] C:\Program Files\Common Files\Adobe
[2008-09-24|13:38] C:\Program Files\Common Files\Apple
[2008-07-17|19:17] C:\Program Files\Common Files\InstallShield
[2008-07-17|18:57] C:\Program Files\Common Files\Java
[2009-01-30|18:24] C:\Program Files\Common Files\Microsoft Shared
[2004-08-11|15:12] C:\Program Files\Common Files\MSSoap
[2004-08-11|15:07] C:\Program Files\Common Files\ODBC
[2004-08-11|15:12] C:\Program Files\Common Files\Services
[2004-08-11|15:07] C:\Program Files\Common Files\SpeechEngines
[2008-08-28|09:43] C:\Program Files\Common Files\System
[2009-03-14|11:45] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 14:19:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:57][D:6]-> C:\DOCUME~1\Student\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\Student\Cookies
[F:1986][D:5]-> C:\DOCUME~1\Student\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2009-03-20|14:20 - Option : [1]

--------------------\\ Scan completed at 14:20:55

#7 Donny5001

Donny5001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 20 March 2009 - 04:24 PM

RSIT log-------------------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Student at 2009-03-20 14:22:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 65 GB (86%) free of 76 GB
Total RAM: 894 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:50, on 2009-03-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Student\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Student.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080718
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10476 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-13 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-15 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-13 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-13 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-04-15 159744]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 92160]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-12-05 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-10 148888]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-03-03 263440]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2008-10-28 681256]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-28 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-01-28 4363504]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Student\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-04-24 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Student\Local Settings\Temp\GLJEF.tmp"="C:\Documents and Settings\Student\Local Settings\Temp\GLJEF.tmp:*:Enabled:GLJEF"
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe"="C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e1dfa4-80db-11dd-a9f5-002170744adb}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-03-20 14:22:38 ----D---- C:\rsit
2009-03-20 14:14:11 ----A---- C:\lopR.txt
2009-03-20 14:13:40 ----D---- C:\Lop SD
2009-03-19 20:34:13 ----A---- C:\WINDOWS\system32\tmp.txt
2009-03-19 20:30:39 ----A---- C:\rapport.txt
2009-03-19 20:28:03 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-03-19 20:28:03 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-03-19 20:28:03 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-03-19 20:28:03 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\swsc.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\swreg.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\Process.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-03-19 20:28:02 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-03-14 11:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-14 11:46:05 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-14 11:46:05 ----D---- C:\Documents and Settings\Student\Application Data\SUPERAntiSpyware.com
2009-03-14 11:45:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-13 08:52:31 ----D---- C:\Temp
2009-03-12 21:33:17 ----D---- C:\Program Files\Kaspersky Lab
2009-03-12 21:33:17 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-03-11 18:34:19 ----D---- C:\Documents and Settings\Student\Application Data\Sunbelt
2009-03-11 18:34:08 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2009-03-11 18:33:12 ----D---- C:\Program Files\Sunbelt Software
2009-03-11 16:39:21 ----D---- C:\Documents and Settings\Student\Application Data\Malwarebytes
2009-03-11 16:38:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-11 16:38:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 15:27:29 ----D---- C:\Program Files\Trend Micro
2009-03-11 14:07:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-11 14:06:29 ----D---- C:\ComboFix
2009-03-11 14:06:27 ----A---- C:\WINDOWS\system32\CF909.exe
2009-03-11 11:06:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-11 11:06:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 09:11:02 ----A---- C:\Boot.bak
2009-03-11 09:10:33 ----RASHD---- C:\cmdcons
2009-03-11 08:42:36 ----A---- C:\WINDOWS\SWREG.exe
2009-03-11 08:42:35 ----A---- C:\WINDOWS\zip.exe
2009-03-11 08:42:35 ----A---- C:\WINDOWS\VFIND.exe
2009-03-11 08:42:35 ----A---- C:\WINDOWS\sed.exe
2009-03-11 08:42:35 ----A---- C:\WINDOWS\grep.exe
2009-03-11 08:42:35 ----A---- C:\WINDOWS\fdsv.exe
2009-03-11 08:42:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-11 08:42:34 ----A---- C:\WINDOWS\SWSC.exe
2009-03-11 08:42:11 ----D---- C:\WINDOWS\ERDNT
2009-03-11 08:41:11 ----D---- C:\Qoobox
2009-03-11 08:23:42 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-03-11 08:23:36 ----D---- C:\Program Files\SpywareBlaster
2009-03-11 07:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 07:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 07:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 13:49:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-10 13:49:19 ----D---- C:\Program Files\ThreatFire
2009-03-10 13:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-10 13:36:32 ----D---- C:\Program Files\Panda Security
2009-02-28 12:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-28 12:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-28 12:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-28 12:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-28 12:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-27 07:41:43 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-27 07:41:42 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-27 07:41:17 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-27 07:41:04 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-27 07:40:20 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-27 07:39:53 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-27 07:39:48 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-26 19:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

======List of files/folders modified in the last 1 months======

2009-03-20 14:22:25 ----D---- C:\Program Files\Mozilla Firefox
2009-03-20 14:10:47 ----D---- C:\WINDOWS\Temp
2009-03-20 14:09:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-20 14:09:15 ----D---- C:\WINDOWS
2009-03-20 14:08:44 ----D---- C:\WINDOWS\system32\drivers
2009-03-20 14:08:33 ----D---- C:\WINDOWS\Registration
2009-03-20 14:08:18 ----D---- C:\Documents and Settings\Student\Application Data\OpenOffice.org2
2009-03-19 20:34:33 ----D---- C:\WINDOWS\system32
2009-03-18 21:47:38 ----SD---- C:\Documents and Settings\Student\Application Data\Microsoft
2009-03-18 21:46:15 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-03-18 21:18:57 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-18 21:18:56 ----HD---- C:\WINDOWS\inf
2009-03-18 21:18:56 ----D---- C:\WINDOWS\system32\en-us
2009-03-18 21:18:56 ----D---- C:\WINDOWS\Help
2009-03-18 21:18:56 ----D---- C:\Program Files\Internet Explorer
2009-03-18 17:51:53 ----D---- C:\WINDOWS\WBEM
2009-03-18 17:51:19 ----D---- C:\WINDOWS\Media
2009-03-15 12:19:12 ----SHD---- C:\WINDOWS\Installer
2009-03-15 12:19:12 ----D---- C:\Program Files\Google
2009-03-14 11:46:05 ----RD---- C:\Program Files
2009-03-14 11:45:18 ----D---- C:\Program Files\Common Files
2009-03-13 15:59:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-12 21:05:44 ----D---- C:\Documents and Settings\Student\Application Data\AVGTOOLBAR
2009-03-12 17:11:08 ----HD---- C:\$AVG8.VAULT$
2009-03-11 09:11:02 ----RASH---- C:\boot.ini
2009-03-10 18:18:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 15:30:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 12:47:33 ----A---- C:\WINDOWS\system32\userinit.exe
2009-03-10 09:47:19 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-10 09:47:19 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-10 09:47:19 ----A---- C:\WINDOWS\system32\java.exe
2009-03-10 09:47:19 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-10 09:47:16 ----D---- C:\Program Files\Java
2009-03-09 07:34:30 ----D---- C:\WINDOWS\Prefetch
2009-02-28 12:57:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-27 07:41:26 ----A---- C:\WINDOWS\win.ini
2009-02-27 07:41:16 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2007-03-12 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2008-09-12 13360]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2008-09-12 69168]
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-15 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-04-24 1975808]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-20 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-04-24 446464]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-10 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2008-02-22 475136]
R2 RosettaStoneLtdController;RosettaStoneLtdController; C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2007-10-31 354648]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-03-03 70928]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]
S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

-----------------EOF-----------------



RSIT info---------------------------------


info.txt logfile of random's system information tool 1.05 2009-03-20 14:22:55

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI Catalyst Control Center-->MsiExec.exe /I{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
biolsp patch-->MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Drivers MSI-->MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869}
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Document Manager Lite-->C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
Gemalto-->MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NTRU TCG Software Stack-->MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rosetta Stone Ltd Services-->MsiExec.exe /X{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Trusted Drive Manager-->MsiExec.exe /I{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}
tsp patch-->MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
Wave Infrastructure Installer-->MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: Avira AntiVir PersonalEdition
AV: Kaspersky Anti-Virus (disabled) (outdated)
FW: Kaspersky Anti-Virus (disabled)

System event log

Computer Name: W83001
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001644E380CE. The IP address being used is 169.254.202.39.

Record Number: 1816
Source Name: Dhcp
Time Written: 20090209072553.000000-480
Event Type: warning
User:

Computer Name: W83001
Event Code: 1002
Message: The IP address lease 10.61.32.80 for the Network Card with network address 001644E380CE has been
denied by the DHCP server 10.61.32.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 1815
Source Name: Dhcp
Time Written: 20090209072451.000000-480
Event Type: error
User:

Computer Name: W83001
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001644E380CE. The IP address being used is 169.254.202.39.

Record Number: 1814
Source Name: Dhcp
Time Written: 20090209072253.000000-480
Event Type: warning
User:

Computer Name: W83001
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001644E380CE. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1813
Source Name: Dhcp
Time Written: 20090209072251.000000-480
Event Type: warning
User:

Computer Name: W83001
Event Code: 4201
Message: The system detected that network adapter Dell...WLAN Mini-Card - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1812
Source Name: Tcpip
Time Written: 20090209072217.000000-480
Event Type: information
User:

Application event log

Computer Name: W83001
Event Code: 2444
Message: MS DTC started with the following settings:



Security Configuration (OFF = 0 and ON = 1):

Network Administration of Transactions = 0,

Network Clients = 0,

Inbound Distributed Transactions using Native MSDTC Protocol = 0,

Outbound Distributed Transactions using Native MSDTC Protocol = 0,

Transaction Internet Protocol (TIP) = 0,

XA Transactions = 0
Record Number: 347
Source Name: MSDTC
Time Written: 20090310164720.000000-480
Event Type: information
User:

Computer Name: W83001
Event Code: 1
Message:
Record Number: 346
Source Name: avg8emc
Time Written: 20090310164703.000000-480
Event Type: information
User:

Computer Name: W83001
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 345
Source Name: SecurityCenter
Time Written: 20090310164654.000000-480
Event Type: information
User:

Computer Name: W83001
Event Code: 4096
Message:
Record Number: 344
Source Name: Avira AntiVir
Time Written: 20090310164646.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: W83001
Event Code: 0
Message: Service started successfully.

Record Number: 343
Source Name: TdmService
Time Written: 20090310164639.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5;C:\Program Files\Gemplus\GemSafe Libraries\BIN;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 124 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:08 PM

Posted 20 March 2009 - 10:01 PM

Hi Donny5001,


get popups with headline removespywarethreats.com 2009 and also online computer scan



Do you get the removespywarethreats.com 2009 popups in FireFox too? Or only in IE7?

Uninstall
Java™ 6 Update
Java™ 6 Update 5
Java™ 6 Update 7
Internet Explorer v6.00


IE6 is full of holes.
Download and install either IE7 or IE8 (just released)



Download Security Check by screen317 from here or here and save it to your Desktop.
Unzip SecurityCheck.zip and a folder named Security Check should appear.
Open the Security Check folder and double-click Security Check.bat
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I can see combofix in your log. :thumbup2: Did you run combofix by yourself?

Edited by SifuMike, 20 March 2009 - 11:42 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:08 PM

Posted 28 March 2009 - 10:54 PM

Due to inactivity, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users