Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan trying to attack universal plug in


  • This topic is locked This topic is locked
19 replies to this topic

#1 Yadev

Yadev

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 03 April 2009 - 06:16 AM

Here is the log. I had a rootkit-agent.cw but got rid of it recently.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:21, on 4/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5859 bytes

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 03 April 2009 - 07:45 AM

Hi,

I will handle your log. As I am in training, all my fixes have to be checked.
I'll get back to you as soon as is possible. :thumbup2:

#3 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 April 2009 - 04:44 AM

Hi,

1. Go to Virustotal.com
Upload the following file by copy/paste the following into the file-field (so do not use "Browse"!)): C:\Documents and Settings\Yadev\eumbntq.exe
Wait untill the results appear, and post them in your next reply.

2.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#4 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa

Posted 04 April 2009 - 07:11 AM

Hi.

The file "eumbntq.exe" is not there anymore, it seems to have dissapeared. I also searched for it and nothing was found. I'll try step 2 and re-run hjt and post the results.

Thanks,
Yadev

#5 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa

Posted 04 April 2009 - 07:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:20, on 4/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5425 bytes

#6 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 04 April 2009 - 07:43 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yadev at 2009-04-04 14:40:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 893 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:54, on 4/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Yadev\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Yadev.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5424 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-507921405-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-24 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-24 1601304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"XFILTER"=C:\Program Files\Filseclab\xfilter\xfilter.exe [2005-07-27 897284]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jdk1.5.0_16\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_16\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"D:\NeroExpress\Installation\Setupx.exe"="D:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Disabled:GRAW"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ENABLE"
"C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgscanx.exe"="C:\Program Files\AVG\AVG8\avgscanx.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgcsrvx.exe"="C:\Program Files\AVG\AVG8\avgcsrvx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssstars.scr"="C:\WINDOWS\system32\ssstars.scr:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\hh.exe"="C:\WINDOWS\hh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:ENABLE"
"C:\Program Files\AGEIA Technologies\TrayIcon.exe"="C:\Program Files\AGEIA Technologies\TrayIcon.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\INTRO.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3035452e-64ae-11dd-88e7-00138f520953}]
shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44916ada-648d-11dd-88e6-00138f520953}]
shell\AutoRun\command - H:\SYSTEM\G-923-321232-3232-32211-23\memory.exe
shell\open\command - H:\SYSTEM\G-923-321232-3232-32211-23\memory.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ce00fc-1c43-11de-8a20-00e04d61112b}]
shell\AutoRun\command - E:\SYSTEM\G-923-321232-3232-32211-23\memory.exe
shell\open\command - E:\SYSTEM\G-923-321232-3232-32211-23\memory.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f063576-6940-11dd-88f3-00138f520953}]
shell\Auto\command - E:\MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac246cd-783c-11dd-8918-00138f520953}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8001830e-9217-11dd-8962-00138f520953}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8485fc1e-8647-11dd-8930-00138f520953}]
shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ebdfe0-ada0-11dd-8979-00138f520953}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da48222e-704c-11dd-890a-00138f520953}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e60cdb1c-6fa3-11dd-8907-00138f520953}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-04-04 14:40:41 ----D---- C:\rsit
2009-04-03 20:18:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-03 20:16:23 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-04-03 20:16:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-04-03 11:10:06 ----D---- C:\Program Files\Sophos
2009-04-02 17:55:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-02 17:55:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 15:42:33 ----D---- C:\Program Files\ThreatFire
2009-04-02 15:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files\Filseclab
2009-04-02 14:43:02 ----D---- C:\Program Files\Filseclab
2009-04-02 14:38:49 ----D---- C:\Program Files\Lavasoft
2009-04-02 14:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-02 14:38:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-01 17:03:32 ----D---- C:\Program Files\SpywareBlaster
2009-04-01 16:10:40 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-26 16:55:11 ----D---- C:\WINDOWS\system32\ageia
2009-03-26 16:55:10 ----D---- C:\Program Files\AGEIA Technologies
2009-03-26 16:48:47 ----D---- C:\Program Files\Ubisoft
2009-03-25 11:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-03-25 11:43:24 ----D---- C:\Program Files\Common Files\EasyInfo
2009-03-24 17:39:14 ----HD---- C:\$AVG8.VAULT$
2009-03-23 15:37:47 ----D---- C:\NVIDIA
2009-03-09 16:18:08 ----D---- C:\Program Files\Disc2Phone
2009-03-06 22:03:29 ----D---- C:\Program Files\Common Files\Download Manager

======List of files/folders modified in the last 1 months======

2009-04-04 14:40:27 ----D---- C:\WINDOWS\Prefetch
2009-04-04 14:17:34 ----D---- C:\Program Files\Mozilla Firefox
2009-04-04 13:59:53 ----D---- C:\WINDOWS\Temp
2009-04-04 12:46:45 ----D---- C:\WINDOWS\system32
2009-04-04 12:46:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-03 23:28:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-03 22:06:56 ----D---- C:\WINDOWS
2009-04-03 21:58:06 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 21:44:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-03 21:42:45 ----SHD---- C:\WINDOWS\Installer
2009-04-03 21:42:45 ----D---- C:\Config.Msi
2009-04-03 21:41:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-03 21:41:56 ----D---- C:\WINDOWS\PCHEALTH
2009-04-03 20:39:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-03 20:22:59 ----A---- C:\rapport.txt
2009-04-03 20:20:41 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-03 12:34:37 ----D---- C:\Temp
2009-04-03 11:23:37 ----SHD---- C:\System Volume Information
2009-04-03 11:23:37 ----D---- C:\WINDOWS\system32\Restore
2009-04-03 11:10:06 ----RD---- C:\Program Files
2009-04-02 18:27:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files
2009-04-02 14:43:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-02 14:41:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-01 21:07:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-01 20:24:00 ----D---- C:\Documents and Settings\Yadev\Application Data\OpenOffice.org2
2009-04-01 20:07:24 ----D---- C:\Program Files\Unlocker
2009-04-01 17:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 16:48:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 15:58:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-01 15:13:22 ----HD---- C:\WINDOWS\inf
2009-03-30 16:22:47 ----SHD---- C:\Documents and Settings\Yadev\Application Data\.#
2009-03-27 19:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-27 19:07:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 16:55:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-26 16:45:33 ----RSD---- C:\WINDOWS\Fonts
2009-03-25 14:19:57 ----D---- C:\Documents and Settings\Yadev\Application Data\log
2009-03-25 11:44:21 ----D---- C:\Program Files\Electronic Arts
2009-03-24 17:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-24 17:09:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 14:53:41 ----D---- C:\WINDOWS\nview
2009-03-23 15:39:28 ----D---- C:\WINDOWS\Help
2009-03-18 16:03:35 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\System32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2003-03-28 3840]
R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-12 94208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-02-07 27136]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-12 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-08-11 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\System32\DRIVERS\UimBus.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Yadev\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\79.tmp []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-06-01 227712]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-22 66872]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-31 77944]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-04-04 14:40:56

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 6.0 Standard Trial-->MsiExec.exe /I{E60EF56C-C330-4575-8463-921E70D1458B}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AGEIA PhysX v2.3.3-->"C:\Program Files\AGEIA Technologies\uninstall.exe"
Any Audio Converter 1.0.2-->"C:\Program Files\Any Audio Converter\unins000.exe"
Ashampoo WinOptimizer 4.41-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\Autodesk DWF Viewer\Setup.exe /remove
AVerMedia M135-Series PCI TV Tuner 3.5.0.49-->C:\Program Files\AVerMedia\AVerMedia M135-Series PCI TV Tuner\uninst.exe
AVerTV-->C:\Program Files\InstallShield Installation Information\{FC87BEA8-5582-476C-A754-41F3A9D976D4}\setup.exe -runfromtemp -l0x0409
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlindWrite 6-->"C:\Program Files\VSO\BlindWrite6\unins000.exe"
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDRWIN-->C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
DAEMON Tools-->MsiExec.exe /I{2DF9A978-DEA1-4433-805D-66790FC28C62}
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX 4.0 Final Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Filseclab Personal Firewall-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}\Setup.exe"
Ghost Recon Advanced Warfighter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Harry Potter and the Goblet of Fire™-->C:\Program Files\Electronic Arts\Harry Potter and the Goblet of Fire\EAUninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
J2SE Development Kit 5.0 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150160}
J2SE Runtime Environment 5.0 Update 16-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150160}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
jGRASP-->"C:\Program Files\jGRASP\uninstall.exe"
KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
K-Lite Codec Pack 3.7.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark 2300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mario Forever v 2.16 !-->C:\Buziol Games\Mario Forever\UnMario.exe
MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MXit PC 1.3.0.5 BETA-->MsiExec.exe /X{E70EE2F5-4273-443D-ACAE-9C67EBC1CFEA}
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 7 Essentials-->MsiExec.exe /X{BD49141C-188C-4B75-9F46-C2C42F2D1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.0-->"C:\Program Files\NetBeans 6.0\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.3-->MsiExec.exe /I{CA8C4435-4DF7-4FEB-9C87-4AB93DE8FD7B}
Opera 9.24-->MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QSuite Ver2.1-->"C:\Program Files\QSuite\unins000.exe"
Quick StartUp 2.3-->"C:\Program Files\Quick StartUp\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 8\Install.log
skullcur-->MsiExec.exe /X{7D495E49-94C0-4C8B-98A3-C60BCF37924C}
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
The Playa-->"C:\Program Files\The Playa\uninstall.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\Yinsthelper.dll
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
YouTube Downloader 3000 ver. 1.0.2.0-->"C:\Program Files\YouTube Downloader 3000\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: Filseclab Personal Firewall

======System event log======

Computer Name: YADEV-OYW7D17YZ
Event Code: 7001
Message: The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 11427
Source Name: Service Control Manager
Time Written: 20090208153347.000000+120
Event Type: error
User:

Computer Name: YADEV-OYW7D17YZ
Event Code: 1002
Message: The IP address lease 192.168.1.3 for the Network Card with network address 00E04D61112B has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 11426
Source Name: Dhcp
Time Written: 20090208153320.000000+120
Event Type: error
User:

Computer Name: YADEV-OYW7D17YZ
Event Code: 7034
Message: The SSDP Discovery Service service terminated unexpectedly. It has done this 2 time(s).

Record Number: 11408
Source Name: Service Control Manager
Time Written: 20090208152920.000000+120
Event Type: error
User:

Computer Name: YADEV-OYW7D17YZ
Event Code: 7034
Message: The WebClient service terminated unexpectedly. It has done this 1 time(s).

Record Number: 11403
Source Name: Service Control Manager
Time Written: 20090208152917.000000+120
Event Type: error
User:

Computer Name: YADEV-OYW7D17YZ
Event Code: 7034
Message: The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 11402
Source Name: Service Control Manager
Time Written: 20090208152917.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: YADEV-OYW7D17YZ
Event Code: 1000
Message: Faulting application intro.exe, version 10.571.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0003a30a.

Record Number: 3256
Source Name: Application Error
Time Written: 20090228172337.000000+120
Event Type: error
User:

Computer Name: YADEV-OYW7D17YZ
Event Code: 20
Message:
Record Number: 3254
Source Name: Google Update
Time Written: 20090228162929.000000+120
Event Type: error
User: YADEV-OYW7D17YZ\Yadev

Computer Name: YADEV-OYW7D17YZ
Event Code: 20
Message:
Record Number: 3253
Source Name: Google Update
Time Written: 20090228152927.000000+120
Event Type: error
User: YADEV-OYW7D17YZ\Yadev

Computer Name: YADEV-OYW7D17YZ
Event Code: 20
Message:
Record Number: 3252
Source Name: Google Update
Time Written: 20090228142929.000000+120
Event Type: error
User: YADEV-OYW7D17YZ\Yadev

Computer Name: YADEV-OYW7D17YZ
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3257, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Record Number: 3251
Source Name: Application Error
Time Written: 20090228134151.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#7 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 04 April 2009 - 10:48 AM

Sorry the topic heading should read "Trojan trying to attack universal plug and play"

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 April 2009 - 10:50 AM

Hi,

First plug in all your flash drives (usb-sticks etc.) to your computer. Then, do the following:

1. Download Flash Disinfector to your desktop.
Run it.

2. Now, post a new RSIT-logfile.

#9 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 05 April 2009 - 11:21 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yadev at 2009-04-05 18:19:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (16%) free of 76 GB
Total RAM: 893 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:29, on 4/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Yadev\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Yadev.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5520 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-507921405-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-24 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-24 1601304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"XFILTER"=C:\Program Files\Filseclab\xfilter\xfilter.exe [2005-07-27 897284]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"HideClock"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jdk1.5.0_16\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_16\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"D:\NeroExpress\Installation\Setupx.exe"="D:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Disabled:GRAW"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ENABLE"
"C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgscanx.exe"="C:\Program Files\AVG\AVG8\avgscanx.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgcsrvx.exe"="C:\Program Files\AVG\AVG8\avgcsrvx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssstars.scr"="C:\WINDOWS\system32\ssstars.scr:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\hh.exe"="C:\WINDOWS\hh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:ENABLE"
"C:\Program Files\AGEIA Technologies\TrayIcon.exe"="C:\Program Files\AGEIA Technologies\TrayIcon.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\INTRO.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3035452e-64ae-11dd-88e7-00138f520953}]
shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44916ada-648d-11dd-88e6-00138f520953}]
shell\AutoRun\command - H:\SYSTEM\G-923-321232-3232-32211-23\memory.exe
shell\open\command - H:\SYSTEM\G-923-321232-3232-32211-23\memory.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ce00fc-1c43-11de-8a20-00e04d61112b}]
shell\AutoRun\command - E:\SYSTEM\G-923-321232-3232-32211-23\memory.exe
shell\open\command - E:\SYSTEM\G-923-321232-3232-32211-23\memory.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f063576-6940-11dd-88f3-00138f520953}]
shell\Auto\command - E:\MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac246cd-783c-11dd-8918-00138f520953}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8001830e-9217-11dd-8962-00138f520953}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8485fc1e-8647-11dd-8930-00138f520953}]
shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ebdfe0-ada0-11dd-8979-00138f520953}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da48222e-704c-11dd-890a-00138f520953}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e60cdb1c-6fa3-11dd-8907-00138f520953}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\SYS32.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-04-04 22:18:08 ----RASHD---- C:\autorun.inf
2009-04-04 14:40:41 ----D---- C:\rsit
2009-04-03 20:18:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-03 20:16:23 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-04-03 20:16:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-04-03 11:10:06 ----D---- C:\Program Files\Sophos
2009-04-02 17:55:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-02 17:55:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 15:42:33 ----D---- C:\Program Files\ThreatFire
2009-04-02 15:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files\Filseclab
2009-04-02 14:43:02 ----D---- C:\Program Files\Filseclab
2009-04-02 14:38:49 ----D---- C:\Program Files\Lavasoft
2009-04-02 14:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-02 14:38:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-01 17:03:32 ----D---- C:\Program Files\SpywareBlaster
2009-04-01 16:10:40 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-26 16:55:11 ----D---- C:\WINDOWS\system32\ageia
2009-03-26 16:55:10 ----D---- C:\Program Files\AGEIA Technologies
2009-03-26 16:48:47 ----D---- C:\Program Files\Ubisoft
2009-03-25 11:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-03-25 11:43:24 ----D---- C:\Program Files\Common Files\EasyInfo
2009-03-24 17:39:14 ----HD---- C:\$AVG8.VAULT$
2009-03-23 15:37:47 ----D---- C:\NVIDIA
2009-03-09 16:18:08 ----D---- C:\Program Files\Disc2Phone
2009-03-06 22:03:29 ----D---- C:\Program Files\Common Files\Download Manager

======List of files/folders modified in the last 1 months======

2009-04-05 18:15:00 ----D---- C:\WINDOWS\Temp
2009-04-05 18:10:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-05 18:06:29 ----D---- C:\Program Files\Mozilla Firefox
2009-04-05 17:53:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 17:51:33 ----D---- C:\WINDOWS\system32
2009-04-05 17:51:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-04 22:20:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-04 22:18:29 ----D---- C:\WINDOWS\Prefetch
2009-04-04 21:52:24 ----SHD---- C:\Documents and Settings\Yadev\Application Data\.#
2009-04-04 21:50:32 ----D---- C:\WINDOWS
2009-04-03 21:58:06 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 21:42:45 ----SHD---- C:\WINDOWS\Installer
2009-04-03 21:42:45 ----D---- C:\Config.Msi
2009-04-03 21:41:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-03 21:41:56 ----D---- C:\WINDOWS\PCHEALTH
2009-04-03 20:22:59 ----A---- C:\rapport.txt
2009-04-03 20:20:41 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-03 12:34:37 ----D---- C:\Temp
2009-04-03 11:23:37 ----SHD---- C:\System Volume Information
2009-04-03 11:23:37 ----D---- C:\WINDOWS\system32\Restore
2009-04-03 11:10:06 ----RD---- C:\Program Files
2009-04-02 18:27:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files
2009-04-02 14:43:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-02 14:41:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-01 21:07:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-01 20:24:00 ----D---- C:\Documents and Settings\Yadev\Application Data\OpenOffice.org2
2009-04-01 20:07:24 ----D---- C:\Program Files\Unlocker
2009-04-01 17:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 16:48:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 15:58:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-01 15:13:22 ----HD---- C:\WINDOWS\inf
2009-03-27 19:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-27 19:07:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 16:55:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-26 16:45:33 ----RSD---- C:\WINDOWS\Fonts
2009-03-25 14:19:57 ----D---- C:\Documents and Settings\Yadev\Application Data\log
2009-03-25 11:44:21 ----D---- C:\Program Files\Electronic Arts
2009-03-24 17:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-24 17:09:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 14:53:41 ----D---- C:\WINDOWS\nview
2009-03-23 15:39:28 ----D---- C:\WINDOWS\Help
2009-03-18 16:03:35 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\System32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2003-03-28 3840]
R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-12 94208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-02-07 27136]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-12 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-08-11 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\System32\DRIVERS\UimBus.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Yadev\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\79.tmp []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-06-01 227712]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-22 66872]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-31 77944]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 05 April 2009 - 01:31 PM

Hi,

1. Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then close all windows except HijackThis and click Fix Checked.

2. restart your computer.

3. Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

4. Download OTMoveIt3 (by OldTimer) to your desktop.* Doubleclick on OTMoveIt3.exe.
* Copy (select and press Ctrl-C) all bold text below:

:Processes
explorer.exe

:Services
amd64si
ati64si

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3035452e-64ae-11dd-88e7-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44916ada-648d-11dd-88e6-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ce00fc-1c43-11de-8a20-00e04d61112b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f063576-6940-11dd-88f3-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac246cd-783c-11dd-8918-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8001830e-9217-11dd-8962-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8485fc1e-8647-11dd-8930-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ebdfe0-ada0-11dd-8979-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da48222e-704c-11dd-890a-00138f520953}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e60cdb1c-6fa3-11dd-8907-00138f520953}]

:Files
C:\autorun.inf
C:\WINDOWS\system32\drivers\amd64si.sys
C:\WINDOWS\system32\drivers\ati64si.sys
C:\Documents and Settings\Yadev\Application Data\.#
G:\INTRO.EXE
H:\SYSTEM\G-923-321232-3232-32211-23
E:\SYSTEM\G-923-321232-3232-32211-23
E:\MicrosoftPowerPoint.exe
F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013
E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013

:Commands
[emptytemp]
[start explorer]
[Reboot]

* Paste the copied text (druk Ctrl-V) into the "Paste List of Files/Folders to be moved" window
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-window in your next reply,
(or paste the log, you can find under C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTMoveIt3
When I file or folder can't be moved directly,
the program could ask to restart your computer to finish the process.
If so, click Ja/Yes.

5. Go to Virustotal.com
Upload the following file by copy/paste the following (so do not use "Browse"!): C:\Documents and Settings\Yadev\eumbntq.exe
Wait untill the results appear, and post them in your next reply. :thumbup2:

Do this also with this file: C:\WINDOWS\system32\79.tmp


Post the requested logfiles, together with a new RSIT-logfile.

#11 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 05 April 2009 - 03:20 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver amd64si deleted successfully.

Service\Driver ati64si deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3035452e-64ae-11dd-88e7-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44916ada-648d-11dd-88e6-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ce00fc-1c43-11de-8a20-00e04d61112b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f063576-6940-11dd-88f3-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac246cd-783c-11dd-8918-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8001830e-9217-11dd-8962-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8485fc1e-8647-11dd-8930-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ebdfe0-ada0-11dd-8979-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da48222e-704c-11dd-890a-00138f520953}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e60cdb1c-6fa3-11dd-8907-00138f520953}\\ deleted successfully.
========== FILES ==========
C:\autorun.inf moved successfully.
File/Folder C:\WINDOWS\system32\drivers\amd64si.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ati64si.sys not found.
C:\Documents and Settings\Yadev\Application Data\.# moved successfully.
File/Folder G:\INTRO.EXE not found.
File/Folder H:\SYSTEM\G-923-321232-3232-32211-23 not found.
File/Folder E:\SYSTEM\G-923-321232-3232-32211-23 not found.
File/Folder E:\MicrosoftPowerPoint.exe not found.
File/Folder F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 not found.
File/Folder E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 not found.
File/Folder E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Yadev\LOCALS~1\Temp\etilqs_v9dLv7xKz1ltSOHxH3h7 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_220718

Files moved on Reboot...
File C:\DOCUME~1\Yadev\LOCALS~1\Temp\etilqs_v9dLv7xKz1ltSOHxH3h7 not found!
C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Yadev\Local Settings\Application Data\Mozilla\Firefox\Profiles\xglg9rrt.default\urlclassifier3.sqlite moved successfully.

____________________________________________________________________________________________________

Sorry I can't find the files that you want me to scan in virustotal.com - "C:\Documents and Settings\Yadev\eumbntq.exe" and "C:\WINDOWS\system32\79.tmp".

#12 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa

Posted 05 April 2009 - 03:22 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yadev at 2009-04-05 22:21:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 893 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:33, on 4/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Yadev\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Yadev.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5228 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-507921405-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-24 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-24 1601304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"XFILTER"=C:\Program Files\Filseclab\xfilter\xfilter.exe [2005-07-27 897284]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"HideClock"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jdk1.5.0_16\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_16\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"D:\NeroExpress\Installation\Setupx.exe"="D:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Yadev\Desktop\Warcraft III\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Disabled:GRAW"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ENABLE"
"C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgscanx.exe"="C:\Program Files\AVG\AVG8\avgscanx.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Yadev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgcsrvx.exe"="C:\Program Files\AVG\AVG8\avgcsrvx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssstars.scr"="C:\WINDOWS\system32\ssstars.scr:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\hh.exe"="C:\WINDOWS\hh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:ENABLE"
"C:\Program Files\AGEIA Technologies\TrayIcon.exe"="C:\Program Files\AGEIA Technologies\TrayIcon.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-04-05 22:07:18 ----D---- C:\_OTMoveIt
2009-04-05 22:04:34 ----D---- C:\WINDOWS\ERDNT
2009-04-05 22:03:24 ----D---- C:\Program Files\ERUNT
2009-04-04 14:40:41 ----D---- C:\rsit
2009-04-03 20:18:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-03 20:16:23 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-04-03 20:16:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-04-03 11:10:06 ----D---- C:\Program Files\Sophos
2009-04-02 17:55:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-02 17:55:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 15:42:33 ----D---- C:\Program Files\ThreatFire
2009-04-02 15:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files\Filseclab
2009-04-02 14:43:02 ----D---- C:\Program Files\Filseclab
2009-04-02 14:38:49 ----D---- C:\Program Files\Lavasoft
2009-04-02 14:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-02 14:38:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-01 17:03:32 ----D---- C:\Program Files\SpywareBlaster
2009-04-01 16:10:40 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-26 16:55:11 ----D---- C:\WINDOWS\system32\ageia
2009-03-26 16:55:10 ----D---- C:\Program Files\AGEIA Technologies
2009-03-26 16:48:47 ----D---- C:\Program Files\Ubisoft
2009-03-25 11:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-03-25 11:43:24 ----D---- C:\Program Files\Common Files\EasyInfo
2009-03-24 17:39:14 ----HD---- C:\$AVG8.VAULT$
2009-03-23 15:37:47 ----D---- C:\NVIDIA
2009-03-09 16:18:08 ----D---- C:\Program Files\Disc2Phone
2009-03-06 22:03:29 ----D---- C:\Program Files\Common Files\Download Manager

======List of files/folders modified in the last 1 months======

2009-04-05 22:13:51 ----D---- C:\WINDOWS\system32
2009-04-05 22:13:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-05 22:10:40 ----D---- C:\Program Files\Mozilla Firefox
2009-04-05 22:10:21 ----D---- C:\WINDOWS\Temp
2009-04-05 22:08:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 22:06:29 ----D---- C:\WINDOWS\Prefetch
2009-04-05 22:05:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-05 22:04:34 ----D---- C:\WINDOWS
2009-04-05 22:03:24 ----RD---- C:\Program Files
2009-04-05 17:53:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-03 21:58:06 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 21:42:45 ----SHD---- C:\WINDOWS\Installer
2009-04-03 21:42:45 ----D---- C:\Config.Msi
2009-04-03 21:41:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-03 21:41:56 ----D---- C:\WINDOWS\PCHEALTH
2009-04-03 20:22:59 ----A---- C:\rapport.txt
2009-04-03 20:20:41 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-03 12:34:37 ----D---- C:\Temp
2009-04-03 11:23:37 ----SHD---- C:\System Volume Information
2009-04-03 11:23:37 ----D---- C:\WINDOWS\system32\Restore
2009-04-02 18:27:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-02 14:43:03 ----D---- C:\Program Files\Common Files
2009-04-02 14:43:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-02 14:41:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-01 21:07:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-01 20:24:00 ----D---- C:\Documents and Settings\Yadev\Application Data\OpenOffice.org2
2009-04-01 20:07:24 ----D---- C:\Program Files\Unlocker
2009-04-01 17:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 16:48:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 15:58:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-01 15:13:22 ----HD---- C:\WINDOWS\inf
2009-03-27 19:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-27 19:07:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 16:55:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-26 16:45:33 ----RSD---- C:\WINDOWS\Fonts
2009-03-25 14:19:57 ----D---- C:\Documents and Settings\Yadev\Application Data\log
2009-03-25 11:44:21 ----D---- C:\Program Files\Electronic Arts
2009-03-24 17:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-24 17:09:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 14:53:41 ----D---- C:\WINDOWS\nview
2009-03-23 15:39:28 ----D---- C:\WINDOWS\Help
2009-03-18 16:03:35 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\System32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2003-03-28 3840]
R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-12 94208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-02-07 27136]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-12 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-08-11 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\System32\DRIVERS\UimBus.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Yadev\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\79.tmp []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-06-01 227712]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-22 66872]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-31 77944]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 06 April 2009 - 05:26 AM

Hi,

The files can be hidden. Just paste the filepaths I gave you into the filepath-box on VirusTotal.com. :thumbup2:

#14 Yadev

Yadev
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Durban, South Africa
  • Local time:08:26 AM

Posted 06 April 2009 - 11:36 AM

Hi.

Still no luck. When i paste either of the paths into the box and press enter I receive the message "File not found. Please verify correct file name given." This happen with both of the files.
Any other suggestions? :thumbup2:

Kind Regards,
Yadev

#15 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 06 April 2009 - 12:28 PM

Hi,

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to thi line (if still present).F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Yadev\eumbntq.exe \s,

Then close all windows except HijackThis and click Fix Checked.

Please post a new HijackThis log, and a description of any remaining problems.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users