Fraud.XPAntivirus & Antivirus-xppro-2009.com


  • This topic is locked
21 replies to this topic

#1 DarlingNikki

DarlingNikki

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Female
  • Location:Louisiana
  • Local time:06:21 PM

Posted 01 May 2009 - 01:47 PM

Last night while surfing, my browser began to lag severely before locking up altogether. Firefox then shut down and asked if I wanted to restart. When I did, several extra tabs opened up, my homepage was redirected to Antivirus-xppro-2009.com, and my desktop background was changed to: Warning, your system has founded an infection, run software now.

I ran Spybot, and it detected over 100 problems, and removed all but 5. It recommended I restart and run it again, so I did. This time Spybot removed everything but "Fraud.XPAntivirus".

My desktop is no longer showing the Warning, but Firefox would not load upon startup, because of Proxy server errors. I disabled that and can use FF now. However, every page has a bar at the top, saying my computer is infected and I MUST scan. It is a clickable link (no I have not clicked it), and seems to route to a download page for www.Antivirus-xppro-2009.com


DDS (Ver_09-03-16.01) - NTFSx86
Run by bambie at 13:33:42.40 on Fri 05/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.178 [GMT -5:00]

AV: AVG *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\bambie\Application Data\pidle\pidle.exe
C:\Program Files\CallWave\IAM.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\bambie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.usps.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uWindow Title = Microsoft Internet Explorer provided by Eastex Net
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: c:\windows\system32\sjg9s8guigjs.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\sjg9s8guigjs.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [pidle] "c:\documents and settings\bambie\application data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [DL32] DL32
uRun: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] c:\recycler\s-1-5-21-5952565744-3862749293-175475739-9467\service.exe
uRun: [Diagnostic Manager] c:\docume~1\bambie\locals~1\temp\2258572864.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [prnet] "c:\windows\system32\prnet.tmp"
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [pp] c:\windows\pp06.exe
mRun: [CPMa7be9b17] Rundll32.exe "c:\windows\system32\yubihimo.dll",a
mRun: [liwiyihozi] Rundll32.exe "c:\windows\system32\sebajuyo.dll",s
StartupFolder: c:\docume~1\bambie\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\bambie\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Search - ?p=ZU
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
LSP: c:\windows\temp\ntdll64.dll
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124690550093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
TCP: {90DB0876-DB82-4FA6-978A-9988161B3B28} = 204.96.16.141 204.96.17.141
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\vebimayo c:\windows\system32\yubihimo.dll,c:\windows\system32\vebimayo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yubihimo.dll
STS: {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - No File
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yubihimo.dll
STS: c:\windows\system32\sjg9s8guigjs.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\sjg9s8guigjs.dll
LSA: Notification Packages = scecli c:\windows\system32\vebimayo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bambie\applic~1\mozilla\firefox\profiles\1u8ltugv.default user\
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

============= SERVICES / DRIVERS ===============

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-1-29 266240]
S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []
S2 ntio256;Input and output operations;\??\c:\windows\system32\ntio256.sys --> c:\windows\system32\ntio256.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2004-11-22 225375]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2004-11-22 23296]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2005-2-8 220079]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-11-22 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-11-22 106496]

=============== Created Last 30 ================

2009-05-01 13:19 22,538 a------- c:\windows\system32\lmppcsetup.exe
2009-05-01 12:06 451 a------- c:\windows\system32\win32hlp.cnf
2009-04-30 19:48 94,204 a------- c:\windows\system32\drivers\ef8cea13.sys
2009-04-30 19:46 577,536 a------- c:\windows\system32\ddonvtvrej
2009-04-30 19:27 94,204 a------- c:\windows\system32\drivers\692b1957.sys
2009-04-30 19:20 577,536 a------- c:\windows\system32\abbfufi
2009-04-30 18:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-30 18:45 <DIR> --d----- c:\program files\AVG
2009-04-30 18:26 577,536 a------- c:\windows\system32\cczlj
2009-04-30 18:12 28,672 a------- c:\windows\system32\loader49.exe
2009-04-30 17:59 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-30 17:59 10,752 ----h--- c:\windows\pp06.exe
2009-04-30 17:57 101,888 a------- C:\ohkbrkoo.exe
2009-04-30 17:57 705 a------- C:\xmrgycj.exe
2009-04-30 17:56 46 a------- c:\windows\system32\p2hhr.bat
2009-04-30 17:54 7,680 a------- C:\okex.exe
2009-04-30 17:54 15,000 a------- c:\windows\system32\yhs783ijfo3fe.dll
2009-04-30 17:54 21,504 a------- c:\windows\system32\ak1.exe
2009-04-30 17:54 577,536 a------- c:\windows\system32\danr
2009-04-30 17:53 14,848 a------- c:\windows\system32\DL32.exe
2009-04-30 17:53 113,664 a------- C:\xipr.exe
2009-04-30 17:53 <DIR> --d----- c:\windows\system32\796525
2009-04-30 17:52 16,384 ----h--- c:\windows\ld08.exe
2009-04-30 17:51 94,204 a------- c:\windows\system32\drivers\aa727c12.sys
2009-04-30 17:51 101,888 a------- C:\wwmeoblk.exe
2009-04-30 17:51 705 a------- C:\pdtivk.exe
2009-04-30 17:50 0 a------- c:\windows\mqcd.dbt
2009-04-30 17:50 2 a------- C:\-1534220252
2009-04-30 17:50 7,680 a------- C:\celkadaa.exe
2009-04-30 17:49 28,672 a------- c:\windows\system32\inqby.sr
2009-04-30 17:49 32,768 a------- c:\windows\system32\ferryl.cbv
2009-04-30 17:49 32,768 a------- c:\windows\system32\fairy.an
2009-04-30 17:49 79,360 a------- c:\windows\system32\ashl.nq
2009-04-30 17:49 28,672 a------- c:\windows\system32\dolman.zt
2009-04-30 17:49 262,144 a------- c:\windows\system32\nvrsk.dll
2009-04-30 17:49 113,664 a------- c:\windows\system32\azton.mt
2009-04-30 17:48 113,664 a------- C:\kggi.exe
2009-04-30 17:48 15,000 a------- c:\windows\system32\sjg9s8guigjs.dll
2009-04-30 17:39 <DIR> --d----- c:\docume~1\bambie\applic~1\pidle
2009-04-30 17:38 182,911 a------- c:\windows\system32\prnet.tmp

==================== Find3M ====================

2009-04-30 19:46 14,336 a------- c:\windows\system32\svchost.exe
2009-04-30 18:15 104,960 a------- c:\windows\system32\userinit.exe
2009-04-30 18:00 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-30 17:49 577,536 a------- c:\windows\system32\user32.DLL
2009-04-30 17:47 51,712 a--sh--- c:\windows\system32\nunoloje.exe
2009-02-08 00:35 4,096 a------- c:\windows\d3dx.dat
2007-07-14 22:56 60,528 a------- c:\docume~1\bambie\applic~1\GDIPFONTCACHEV1.DAT
2007-05-13 19:56 951,395 a------- c:\program files\Install-3.0-3.54b4.exe
2005-10-07 01:55 4,654 ac------ c:\docume~1\bambie\applic~1\wklnhst.dat
2007-05-05 00:02 1,497,203 a--sh--- c:\windows\system32\jlkkj.bak1
2007-05-05 19:45 1,497,093 a--sh--- c:\windows\system32\jlkkj.bak2

============= FINISH: 13:34:09.23 ===============
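The "Pseudo HJT Report" above is what a helper reads by hand: Run entries launching from temp or the Recycler, a .tmp file registered as a program, lockout policies such as DisableRegistryTools set to 1, a populated AppInit_DLLs value, an extra LSA notification package, and a Winsock LSP sitting in c:\windows\temp. The script below is an added example (it is not part of this thread, nor code from DDS or HijackThis) that applies those same checks mechanically. The line grammar it parses is assumed from the log shown here, the sample lines are copied verbatim from that log, and the verdict labels and directory lists are the author's own choices.

```python
import re

# Lines copied verbatim from the DDS "Pseudo HJT Report" posted in this thread.
SAMPLE_LINES = [
    'uRun: [prnet] "c:\\windows\\system32\\prnet.tmp"',
    'uRun: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] c:\\recycler\\s-1-5-21-5952565744-3862749293-175475739-9467\\service.exe',
    'uRun: [Diagnostic Manager] c:\\docume~1\\bambie\\locals~1\\temp\\2258572864.exe',
    'mRun: [SoundMAXPnP] c:\\program files\\analog devices\\soundmax\\SMax4PNP.exe',
    'mRun: [CPMa7be9b17] Rundll32.exe "c:\\windows\\system32\\yubihimo.dll",a',
    'uPolicies-system: DisableRegistryTools = 1 (0x1)',
    'uPolicies-explorer: NoFolderOptions = 1 (0x1)',
    'AppInit_DLLs: c:\\windows\\system32\\vebimayo c:\\windows\\system32\\yubihimo.dll,c:\\windows\\system32\\vebimayo.dll',
    'LSA: Notification Packages = scecli c:\\windows\\system32\\vebimayo.dll',
    'LSP: c:\\windows\\temp\\ntdll64.dll',
]

# Heuristic lists chosen for this example (assumptions, not DDS definitions).
WRITABLE_DIRS = ("\\temp\\", "\\recycler\\", "\\application data\\", "\\applic~1\\")
LOCKOUT_POLICIES = {"DisableRegistryTools", "NoFolderOptions",
                    "NoSetActiveDesktop", "NoActiveDesktopChanges"}
EXPECTED_LSA = {"scecli"}  # the only package a stock XP install lists

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<name>\w+) = (?P<value>\d+)")
# Unquoted paths may contain spaces: cut at the first executable-looking extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|bat|cmd|com|tmp))(?=\s|$)", re.IGNORECASE)


def first_path(cmd):
    """Return (lower-cased target path, loaded_via_rundll32) for a Run command."""
    cmd = cmd.strip()
    via_rundll = cmd.lower().startswith("rundll32.exe")
    if via_rundll:
        cmd = cmd[len("rundll32.exe"):].strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        target = quoted.group(1)
    else:
        ext = EXT_RE.match(cmd)
        target = ext.group(1) if ext else (cmd.split()[0] if cmd.split() else "")
    return target.lower(), via_rundll


def triage_line(line):
    """Classify one DDS line as (verdict, reason); verdict is suspicious/review/benign.
    Returns None for lines that are not persistence entries."""
    m = RUN_RE.match(line)
    if m:
        path, via_rundll = first_path(m.group("cmd"))
        if "\\" not in path:
            return "review", f"bare name '{path}' resolves through PATH; locate the file"
        if any(d in path for d in WRITABLE_DIRS):
            return "suspicious", f"executes from user-writable/temp location: {path}"
        if re.match(r"^[a-z]:\\[^\\]+$", path):
            return "suspicious", f"executes from drive root: {path}"
        if not path.endswith((".exe", ".dll")):
            return "suspicious", f"non-executable extension run as a program: {path}"
        if via_rundll:
            return "review", f"DLL loaded via Rundll32, verify publisher: {path}"
        return "benign", path
    m = POLICY_RE.match(line)
    if m:
        if m.group("name") in LOCKOUT_POLICIES and m.group("value") != "0":
            return "suspicious", f"lockout policy {m.group('name')} set (typical of rogue AV)"
        return "benign", m.group("name")
    if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return "suspicious", "AppInit_DLLs populated: DLL injected into every GUI process"
    if line.startswith("LSA: Notification Packages"):
        extra = set(line.split("=", 1)[1].split()) - EXPECTED_LSA
        if extra:
            return "suspicious", f"unexpected LSA notification package(s): {sorted(extra)}"
        return "benign", "LSA packages"
    if line.startswith("LSP:"):
        path = line.split(":", 1)[1].strip().lower()
        if any(d in path for d in WRITABLE_DIRS):
            return "suspicious", f"Winsock LSP from temp directory: {path}"
        return "review", f"third-party Winsock LSP: {path}"
    return None


def triage(lines):
    """Group the reasons for every recognised line under its verdict."""
    out = {"suspicious": [], "review": [], "benign": []}
    for line in lines:
        result = triage_line(line)
        if result:
            verdict, reason = result
            out[verdict].append(reason)
    return out


if __name__ == "__main__":
    for verdict, reasons in triage(SAMPLE_LINES).items():
        print(f"== {verdict} ({len(reasons)})")
        for reason in reasons:
            print("  ", reason)
```

Run it on the ten sample lines and eight land in "suspicious", the Rundll32-loaded DLL lands in "review" (a random-looking DLL name in system32 cannot be judged from the path alone, only by checking the file), and the SoundMAX entry is the one "benign" result. The location-based checks are the ones worth keeping: the file names in this infection are random and change per victim, but the places they launch from do not.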

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 01 May 2009 - 02:31 PM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 DarlingNikki

DarlingNikki
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Female
  • Location:Louisiana
  • Local time:06:21 PM

Posted 01 May 2009 - 05:44 PM

Downloading RSIT now


Malwarebytes' Anti-Malware 1.36
Database version: 2066
Windows 5.1.2600 Service Pack 2

5/1/2009 5:32:32 PM
mbam-log-2009-05-01 (17-32-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203039
Time elapsed: 40 minute(s), 11 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 26
Registry Values Infected: 13
Registry Data Items Infected: 8
Folders Infected: 3
Files Infected: 62

Memory Processes Infected:
C:\Documents and Settings\bambie\Application Data\pidle\pidle.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\173525642.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\sjg9s8guigjs.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nvrsk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntio256 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma7be9b17 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\liwiyihozi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pidle (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12zfg94-f641-2sf-k31p-5n1er6h6l2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\bambie\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\sjg9s8guigjs.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\bambie\Application Data\pidle\pidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\173525642.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\pp06.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\796525\796525.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\celkadaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ohkbrkoo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\pdtivk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\wwmeoblk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\xmrgycj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\1701516114.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\1736774100.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\1825055350.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\1988729114.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2258572864.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2357399100.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2358180350.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2413649100.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2581047364.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\2582922364.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\3242449968.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\424.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\505029916.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\531439878.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\c2fhtha97k.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\kjsfh3jfokdf3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\rip10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temp\sv3yh9qvo1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temporary Internet Files\Content.IE5\29S96DCD\ddsuper1[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\bambie\Local Settings\Temporary Internet Files\Content.IE5\DZZPJP3G\ddsuper3[1].htm (Worm.Koobface) -> Quarantined and deleted successfully.
C:\I386\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ak1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DL32.exe (Backdoor.Tinxy) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\loader49.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vebimayo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yhs783ijfo3fe.dll (Roorkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3987431804.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\CC544F3F.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\E0EF3C0C.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nvrsk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\azton.mt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\RunOnce2.t__ (Malware.Trace) -> Quarantined and deleted successfully.
C:\cp1041.nls (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ferryl.cbv (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\inqby.sr (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fairy.an (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dolman.zt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ashl.nq (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mqcd.dbt (Malware.Trace) -> Quarantined and deleted successfully.
C:\kggi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xipr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#4 DarlingNikki

DarlingNikki
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Female
  • Location:Louisiana
  • Local time:06:21 PM

Posted 01 May 2009 - 06:01 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by bambie at 2009-05-01 17:45:32
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 1 GB (3%) free of 35 GB
Total RAM: 510 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:48 PM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\bambie\Desktop\RSIT.exe
C:\Program Files\trend micro\bambie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usps.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eastex Net
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DL32] DL32
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdat...b?1124690550093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DB0876-DB82-4FA6-978A-9988161B3B28}: NameServer = 204.96.16.141 204.96.17.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\vebimayo c:\windows\system32\yubihimo.dll,C:\WINDOWS\system32\vebimayo.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5532 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-bambie).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-caleb).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Guest).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Mom).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Nan).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"DL32"=DL32 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2003-12-08 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe [2004-06-07 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2004-01-28 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegaPanel]
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetMeter]
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-11-22 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2003-08-17 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2003-08-08 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-09-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"TrkWks"=2
"MCVSRte"=2
"mcupdmgr.exe"=3
"McShield"=3
"iPod Service"=3
"gusvc"=3
"CWShredder Service"=2
"Bonjour Service"=2
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CallWave.lnk - C:\Program Files\CallWave\IAM.exe

C:\Documents and Settings\bambie\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vebimayo c:\windows\system32\yubihimo.dll,C:\WINDOWS\system32\vebimayo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\vebimayo.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe"="C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe:*:Enabled:Zuma"
"C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe"="C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe:*:Enabled:Puzzle Inlay"
"C:\Documents and Settings\Ultimate Fighter\My Documents\WinMX\WinMX.exe"="C:\Documents and Settings\Ultimate Fighter\My Documents\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"C:\Documents and Settings\Poppie\My Documents\My Received Files\Gold Miner\GoldMiner.exe"="C:\Documents and Settings\Poppie\My Documents\My Received Files\Gold Miner\GoldMiner.exe:*:Disabled:Gold Miner "
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Disabled:kazaalite"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Documents and Settings\Nanna\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Documents and Settings\Nanna\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Disabled:IncrediMail Installer"
"C:\Documents and Settings\Nanna\Desktop\incredimail_install.exe"="C:\Documents and Settings\Nanna\Desktop\incredimail_install.exe:*:Disabled:IncrediMail Installer"
"C:\WINDOWS\SYSTEM32\jkakiaaa.exe"="C:\WINDOWS\SYSTEM32\jkakiaaa.exe:*:Disabled:jkakiaaa"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 3 months======

2009-05-01 17:45:33 ----D---- C:\Program Files\trend micro
2009-05-01 17:45:32 ----D---- C:\rsit
2009-05-01 16:11:31 ----D---- C:\Documents and Settings\bambie\Application Data\Malwarebytes
2009-05-01 16:11:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-01 16:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-01 16:09:56 ----D---- C:\WINDOWS\ERDNT
2009-05-01 16:09:44 ----D---- C:\Program Files\ERUNT
2009-04-30 18:53:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-30 18:45:19 ----D---- C:\Program Files\AVG
2009-04-30 17:54:47 ----A---- C:\okex.exe
2009-03-02 16:07:13 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-10 18:04:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2009-02-10 18:04:05 ----D---- C:\WINDOWS\Cake Mania 3
2009-02-10 18:04:05 ----D---- C:\Program Files\Cake Mania 3
2009-02-10 18:03:51 ----A---- C:\WINDOWS\Cake Mania 3 Setup Log.txt

======List of files/folders modified in the last 3 months======

2009-05-01 17:46:15 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-05-01 17:45:33 ----RD---- C:\Program Files
2009-05-01 17:40:51 ----D---- C:\WINDOWS\Temp
2009-05-01 17:40:51 ----D---- C:\WINDOWS\SYSTEM32
2009-05-01 17:39:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-01 17:37:57 ----D---- C:\Program Files\Mozilla Firefox
2009-05-01 17:36:53 ----D---- C:\Documents and Settings\bambie\Application Data\LimeWire
2009-05-01 17:36:19 ----D---- C:\Documents and Settings\bambie\Application Data\OpenOffice.org2
2009-05-01 17:35:54 ----D---- C:\Program Files\CallWave
2009-05-01 17:34:05 ----D---- C:\WINDOWS
2009-05-01 17:34:04 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-01 16:11:31 ----D---- C:\WINDOWS\Prefetch
2009-05-01 16:07:57 ----D---- C:\Program Files\Trillian
2009-05-01 13:26:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-01 02:19:47 ----AC---- C:\WINDOWS\wininit.ini
2009-04-30 23:37:57 ----D---- C:\WINDOWS\Cache
2009-04-30 19:48:58 ----SHD---- C:\RECYCLER
2009-04-30 19:46:30 ----A---- C:\WINDOWS\system32\svchost.exe
2009-04-30 19:36:05 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-04-30 19:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 18:44:26 ----SHD---- C:\WINDOWS\Installer
2009-04-30 18:44:25 ----D---- C:\Config.Msi
2009-04-30 18:43:43 ----SD---- C:\Documents and Settings\bambie\Application Data\Microsoft
2009-04-30 18:15:03 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-30 17:49:39 ----A---- C:\WINDOWS\system32\user32.DLL
2009-04-30 17:47:54 ----ASH---- C:\WINDOWS\system32\nunoloje.exe
2009-04-29 22:19:56 ----D---- C:\Program Files\LimeWire
2009-04-24 18:09:27 ----D---- C:\Program Files\Semagic
2009-04-20 02:09:04 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-04-20 02:09:03 ----D---- C:\WINDOWS\Help
2009-04-20 02:00:39 ----D---- C:\Temp
2009-04-20 01:56:55 ----D---- C:\Program Files\NetMeeting
2009-04-20 01:41:40 ----D---- C:\Program Files\Google
2009-04-20 01:41:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-20 01:34:09 ----D---- C:\Program Files\CallWave2
2009-04-07 14:46:41 ----AC---- C:\WINDOWS\QTW.INI
2009-04-05 10:47:08 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-21 13:10:38 ----HD---- C:\WINDOWS\INF
2009-03-20 16:55:47 ----D---- C:\I386
2009-03-20 00:21:01 ----D---- C:\~QTWTMP.TMP
2009-03-20 00:19:50 ----D---- C:\DELL
2009-03-02 16:06:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-02 16:06:54 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-12 36096]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-22 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-12 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-12 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-12 20480]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 JL2005;JL2005A Toy Camera; C:\WINDOWS\System32\Drivers\toywdm.sys []
S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-12 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-08-12 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-12 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-12 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-12 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-12 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-01-29 266240]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-30 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 CWShredder Service;CWShredder Service; C:\Documents and Settings\bambie\Local Settings\Temporary Internet Files\Content.IE5\DZZVH90E\cwshredder[1].exe service []
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2004-01-28 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2003-08-08 106496]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-05-01 17:47:51

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Media MP4 to MP3 Converter-->C:\Documents and Settings\Poppie\My Documents\files\MP4 to MP3 Converter 3\Uninstall.exe
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArtistScope Plugin FX 42-->"C:\WINDOWS\ArtistScope Plugin FX 42\uninstall.exe" "/U:C:\Program Files\Mozilla Firefox\plugins\Uninstall\uninstall.xml"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Cake Mania 3-->"C:\WINDOWS\Cake Mania 3\uninstall.exe" "/U:C:\Program Files\Cake Mania 3\Uninstall\uninstall.xml"
CallWave-->C:\Program Files\CallWave\IAM.exe -remove
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DivX Player-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
FrostByte Freddie 1.1-->"C:\Program Files\FrostByte\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
OpenOffice.org 2.3-->MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Remove DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Semagic (remove only)-->"C:\Program Files\Semagic\uninstall.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Version 4.0 ULTRA-->"C:\Documents and Settings\Ultimate Fighter\My Documents\cutnmix\unins000.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

======Security center information======

AV: AVG (outdated)

======System event log======

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96572
Source Name: Service Control Manager
Time Written: 20090430180946.000000-300
Event Type: error
User:

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96571
Source Name: Service Control Manager
Time Written: 20090430180809.000000-300
Event Type: error
User:

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96570
Source Name: Service Control Manager
Time Written: 20090430180733.000000-300
Event Type: error
User:

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96569
Source Name: Service Control Manager
Time Written: 20090430180556.000000-300
Event Type: error
User:

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96568
Source Name: Service Control Manager
Time Written: 20090430180520.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DDJ5M461
Event Code: 1015
Message:
Record Number: 15690
Source Name: EvntAgnt
Time Written: 20070811114528.000000-300
Event Type: warning
User:

Computer Name: DDJ5M461
Event Code: 1003
Message:
Record Number: 15689
Source Name: EvntAgnt
Time Written: 20070811114528.000000-300
Event Type: warning
User:

Computer Name: DDJ5M461
Event Code: 1517
Message: Windows saved user DDJ5M461\bambie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15687
Source Name: Userenv
Time Written: 20070811114413.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DDJ5M461
Event Code: 1015
Message:
Record Number: 15686
Source Name: EvntAgnt
Time Written: 20070811093154.000000-300
Event Type: warning
User:

Computer Name: DDJ5M461
Event Code: 1003
Message:
Record Number: 15685
Source Name: EvntAgnt
Time Written: 20070811093154.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files



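The event-log section of the RSIT info.txt above is a flat text layout, and the five System event log records it holds are one Service Control Manager error (7028 against wuauserv) repeated within a few minutes. The script below is an added illustration for this thread, not part of RSIT, DDS, ComboFix or any other tool the thread uses: it parses that layout into records, converts the WMI-style timestamps (for example 20090430180946.000000-300, where the trailing number is the UTC offset in minutes) into timezone-aware datetimes, and counts how often each error repeats per source, event code and service name. The sample records embedded in it are constructed to match the format quoted above; the field names and section headers are the ones RSIT prints.

```python
"""Parse the event-log section of an RSIT info.txt and flag repeated
Service Control Manager errors.  Added example for this thread; not
part of RSIT/DDS/ComboFix.  SAMPLE_LOG is constructed to match the
layout quoted in the thread."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the RSIT "======System event log======" layout.
SAMPLE_LOG = """\
======System event log======

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96572
Source Name: Service Control Manager
Time Written: 20090430180946.000000-300
Event Type: error
User:

Computer Name: DDJ5M461
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 96571
Source Name: Service Control Manager
Time Written: 20090430180809.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DDJ5M461
Event Code: 1015
Message:
Record Number: 15690
Source Name: EvntAgnt
Time Written: 20070811114528.000000-300
Event Type: warning
User:
"""

FIELD_RE = re.compile(r"^(Computer Name|Event Code|Message|Record Number|"
                      r"Source Name|Time Written|Event Type|User):\s?(.*)$")
SECTION_RE = re.compile(r"^=+(.+?)=+$")


def parse_wmi_time(value):
    """Turn a WMI/CIM datetime such as 20090430180946.000000-300 into an
    aware datetime; the trailing signed number is the UTC offset in minutes."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-]\d{1,4})", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return base.replace(microsecond=int(m.group(2)), tzinfo=tz)


def parse_rsit_events(text):
    """Return one dict per record, tagged with the section it came from.
    'Computer Name' starts a record; unknown/continuation lines are skipped."""
    records, current, section = [], None, None
    for line in text.splitlines():
        sec = SECTION_RE.match(line.strip())
        if sec:
            section = sec.group(1).strip()
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "Computer Name":
            current = {"section": section}
            records.append(current)
        if current is None:
            continue
        if key == "Time Written":
            current["time"] = parse_wmi_time(val)
        elif key == "Event Code":
            current["code"] = int(val)
        else:
            current[key.lower().replace(" ", "_")] = val
    return records


def flag_repeated_scm_errors(records, threshold=2):
    """Return {(source, code, service): count} for error records seen at
    least `threshold` times; the service name is taken from the SCM text."""
    counts = Counter()
    for r in records:
        if r.get("event_type") != "error":
            continue
        svc = re.search(r"The (\S+) Registry key denied access", r.get("message", ""))
        counts[(r["source_name"], r["code"], svc.group(1) if svc else None)] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_rsit_events(SAMPLE_LOG)
    for e in evs:
        print(e["section"], e["code"], e["source_name"], e["time"].isoformat())
    print(flag_repeated_scm_errors(evs))
```

Run against the full info.txt, the same two functions will report the five 7028 records quoted above as one repeated (Service Control Manager, 7028, wuauserv) error; the message text itself says why it matters: the Windows Update service's registry key was refusing access to SYSTEM, so the SCM had to take ownership of it on each attempt.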
#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 02 May 2009 - 05:33 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.



#6 DarlingNikki

DarlingNikki
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Louisiana
  • Local time:06:21 PM

Posted 02 May 2009 - 11:27 AM

ComboFix 09-05-02.4 - bambie 05/02/2009 11:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.336 [GMT -5:00]
Running from: c:\documents and settings\bambie\Desktop\ComboFix.exe
AV: AVG *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bambie\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Nanna\Application Data\Install.dat
c:\windows\SYSTEM32\jlkkj.bak1
c:\windows\SYSTEM32\jlkkj.bak2
c:\windows\system32\jlkkj.ini
c:\windows\system32\st3.dll
.
---- Previous Run -------
.
c:\windows\alexa.exe
c:\windows\patch.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\i386\USERINIT.EXE


Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :thumbup2:

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_NTIO256


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 14:09 . 2009-05-02 14:09 -------- d-----w c:\documents and settings\Nanna\Application Data\Malwarebytes
2009-05-01 22:45 . 2009-05-01 22:47 -------- d-----w c:\program files\trend micro
2009-05-01 22:45 . 2009-05-01 22:47 -------- d-----w C:\rsit
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\documents and settings\bambie\Application Data\Malwarebytes
2009-05-01 21:11 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 21:11 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 21:09 . 2009-05-01 21:09 -------- d-----w c:\program files\ERUNT
2009-05-01 00:48 . 2009-05-02 16:16 94204 ----a-w c:\windows\system32\drivers\ef8cea13.sys
2009-05-01 00:27 . 2009-05-02 16:16 94204 ----a-w c:\windows\system32\drivers\692b1957.sys
2009-04-30 23:53 . 2009-05-01 02:44 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 23:28 . 2009-04-30 23:28 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-04-30 22:54 . 2009-05-01 00:46 7680 ----a-w C:\okex.exe
2009-04-30 22:51 . 2009-05-02 16:16 94204 ----a-w c:\windows\system32\drivers\aa727c12.sys
2009-04-16 13:45 . 2009-04-16 13:45 -------- d-----w c:\documents and settings\Nanna\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 16:16 . 2004-12-10 18:37 490 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom).job
2009-05-02 16:15 . 2007-05-11 02:24 -------- d-----w c:\program files\CallWave
2009-05-02 16:15 . 2005-08-22 23:06 516 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job
2009-05-02 16:15 . 2005-05-25 04:14 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
2009-05-02 16:15 . 2004-12-09 22:47 496 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-bambie).job
2009-05-02 16:14 . 2004-11-23 03:13 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 16:08 . 2004-08-12 14:01 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-02 16:03 . 2004-08-12 14:08 577536 ----a-w c:\windows\system32\user32.dll
2009-05-02 16:02 . 2005-08-24 17:24 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
2009-05-02 16:02 . 2005-08-23 00:11 496 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
2009-05-02 16:02 . 2005-05-27 03:45 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Guest).job
2009-05-02 15:59 . 2004-12-20 03:01 504 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
2009-05-02 15:59 . 2004-12-09 22:48 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-caleb).job
2009-05-02 15:58 . 2005-10-06 23:47 498 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
2009-05-02 15:58 . 2005-08-21 23:15 504 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
2009-05-02 15:58 . 2005-06-04 04:56 490 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nan).job
2009-05-02 15:58 . 2004-11-23 03:33 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Owner).job
2009-05-02 14:39 . 2007-09-08 03:24 -------- d-----w c:\program files\Trillian
2009-05-01 00:46 . 2004-08-12 14:06 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-30 22:49 . 2004-08-12 14:08 577536 ----a-w c:\windows\system32\user32.dll.vir
2009-04-30 22:47 . 2009-01-30 22:47 51712 --sha-w c:\windows\system32\nunoloje.exe
2009-04-30 03:19 . 2007-09-21 18:28 -------- d-----w c:\program files\LimeWire
2009-04-29 16:32 . 2008-02-20 05:07 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-24 23:09 . 2007-09-08 04:44 -------- d-----w c:\program files\Semagic
2009-04-20 06:41 . 2004-12-10 08:43 -------- d-----w c:\program files\Google
2009-04-20 06:34 . 2005-12-08 23:12 -------- d-----w c:\program files\CallWave2
2009-04-16 03:25 . 2007-10-31 01:16 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-20 14:31 . 2006-05-13 15:57 62040 -c--a-w c:\documents and settings\Nanna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-08 05:35 . 2009-02-08 05:35 4096 ----a-w c:\windows\d3dx.dat
2007-05-14 00:56 . 2007-05-14 00:50 951395 ----a-w c:\program files\Install-3.0-3.54b4.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"="DL32" [X]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2004-01-28 180224]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2003-12-08 245760]

c:\documents and settings\bambie\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CallWave.lnk - c:\program files\CallWave\IAM.exe [2005-12-8 1590352]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\vebimayo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nanna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Nanna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TrkWks"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"CWShredder Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"1257:UDP"= 1257:UDP:Windows Media Format SDK (iexplore.exe)
"1256:UDP"= 1256:UDP:Windows Media Format SDK (iexplore.exe)
"1259:UDP"= 1259:UDP:Windows Media Format SDK (iexplore.exe)
"1276:UDP"= 1276:UDP:Windows Media Format SDK (iexplore.exe)
"1277:UDP"= 1277:UDP:Windows Media Format SDK (iexplore.exe)
"1278:UDP"= 1278:UDP:Windows Media Format SDK (iexplore.exe)

R3 BW2NDIS5;BW2NDIS5; [x]
R3 JL2005;JL2005A Toy Camera; [x]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-01-29 266240]

.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-bambie).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-caleb).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Guest).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nan).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
Notify-avgrsstarter - avgrsstx.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usps.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Search
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\documents and settings\bambie\Application Data\Mozilla\Firefox\Profiles\lq6mpe0b.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\documents and settings\bambie\Application Data\Mozilla\Firefox\Profiles\lq6mpe0b.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthqpjxjkvdlhxppqqdxkixtxwsrpiqtqtu.sys 83968 bytes executable
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthdecwkbbapb.tmp 133632 bytes executable
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthhpjikskiym.tmp 107520 bytes executable
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthqajicdride.tmp 343040 bytes executable
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthx000 0 bytes
c:\windows\system32\ovfsthivfdjmqdfkdjnypqtqwobdknrgbwktur.dat 59861 bytes
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll 18944 bytes executable
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll_old 18944 bytes executable
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll 60928 bytes executable
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll_old 60928 bytes executable
c:\windows\system32\ovfsthuhujdioygsoyilwogarbsshsngtlgvdb.dll 18432 bytes executable
c:\windows\system32\ovfsthwentnmaogymxcjypolssafceyiuqqhrj.dat 43 bytes

scan completed successfully
hidden files: 12

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-02 11:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 16:19

Pre-Run: 1,057,988,608 bytes free
Post-Run: 1,822,756,864 bytes free

247 --- E O F --- 2007-09-01 06:56



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:42 AM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\bambie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DL32] DL32
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdat...b?1124690550093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DB0876-DB82-4FA6-978A-9988161B3B28}: NameServer = 204.96.16.141 204.96.17.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5424 bytes
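
The HijackThis log above is what a helper reads entry by entry. As an added example (not part of this thread, and not HijackThis or BleepingComputer code), the Python script below parses the entry types that appear in that log and flags the patterns a reviewer checks first: a Run value that is a bare name rather than a path (the `[DL32] DL32` entry above), toolbar CLSIDs whose file is gone, an O17 static NameServer setting to confirm against the ISP's resolvers, and services with no publisher. The sample lines are copied from the log; the trusted-host allowlist and the severity labels are assumptions for illustration, not a verdict on any entry.

```python
"""Triage for HijackThis v2 log lines (added example, not a HijackThis or
BleepingComputer tool). Parses the R/O entry types seen in the thread's log
and returns the lines a reviewer should look at first; the trusted-host
allowlist and the severity labels are assumptions for illustration."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usps.com/
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DL32] DL32
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DB0876-DB82-4FA6-978A-9988161B3B28}: NameServer = 204.96.16.141 204.96.17.141
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: a per-user allowlist of start/search page hosts the owner chose.
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Registry Run entries: 'HKLM\..\Run: [ValueName] command'
RUN_RE = re.compile(r"^(?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A Run value should start with a drive letter, an environment variable or a UNC path.
PATH_START_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)')


def looks_like_path(cmd):
    """True when the Run command names a file by path rather than by bare name."""
    return bool(PATH_START_RE.match(cmd.strip()))


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return [(entry_type, severity, message)] for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            host = urlparse(body.rsplit(" = ", 1)[-1]).hostname or ""
            if host and host not in trusted_hosts:
                findings.append((kind, "review",
                                 f"browser start/search URL points at {host}; confirm it is the one you chose"))
        elif kind == "O3" and body.endswith("(no file)"):
            findings.append((kind, "info", "toolbar CLSID whose file is gone (leftover entry)"))
        elif kind == "O4":
            rm = RUN_RE.match(body)
            if rm and not looks_like_path(rm.group("cmd")):
                findings.append((kind, "high",
                                 f"Run value [{rm.group('name')}] is a bare name, not a path: "
                                 f"{rm.group('cmd')!r}; Windows has to search for the file"))
        elif kind == "O17":
            ips = body.rsplit("NameServer = ", 1)[-1].split()
            findings.append((kind, "review",
                             "static DNS resolvers " + ", ".join(ips) + "; confirm they belong to your ISP"))
        elif kind == "O23":
            sm = SERVICE_RE.match(body)
            if sm and sm.group("owner") == "Unknown owner":
                findings.append((kind, "review",
                                 f"service '{sm.group('name')}' has no publisher: {sm.group('path')}"))
    return findings


if __name__ == "__main__":
    for kind, severity, message in triage(SAMPLE_LOG):
        print(f"{severity:6} {kind:4} {message}")
```

Run against the sample, the script reports the DL32 entry as the one high-severity item, and the same checks applied to the log in the later reply show that entry gone after the CFScript run.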

#7 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 May 2009 - 11:52 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
ef8cea13
692b1957
aa727c12

Rootkit::
c:\windows\system32\drivers\ovfsthqpjxjkvdlhxppqqdxkixtxwsrpiqtqtu.sys
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthdecwkbbapb.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthhpjikskiym.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthqajicdride.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthx000
c:\windows\system32\ovfsthivfdjmqdfkdjnypqtqwobdknrgbwktur.dat
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll_old
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll_old
c:\windows\system32\ovfsthuhujdioygsoyilwogarbsshsngtlgvdb.dll
c:\windows\system32\ovfsthwentnmaogymxcjypolssafceyiuqqhrj.dat

File::
c:\windows\system32\drivers\ef8cea13.sys
c:\windows\system32\drivers\692b1957.sys
C:\okex.exe
c:\windows\system32\drivers\aa727c12.sys
c:\windows\system32\nunoloje.exe
c:\windows\system32\vebimayo.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
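
As an added example (not ComboFix's own code, and not from this thread's helper), the Python below parses a CFScript of the shape shown in the reply above and decodes the `hex(7)` registry value. `hex(7)` is REGEDIT4 notation for a REG_MULTI_SZ, and the bytes `73,63,65,63,6c,69,00,00` spell `scecli` followed by the double NUL terminator, so that line resets the LSA `Notification Packages` list to its Windows XP default. DLLs named there are loaded into LSASS and are told about password changes, which is why an unexpected entry in that list deserves attention and why a cleanup script restores it. The parser assumes only the subset of the format visible here: a `Name::` header followed by one entry per line, and a `Registry::` block in REGEDIT4 syntax with single-line values (no `\` line continuations).

```python
"""Parser for ComboFix CFScript text of the kind posted above.

Added example: this is not ComboFix's code, and it only covers the subset of
the format visible in this thread (a 'Name::' header followed by one entry per
line, and a Registry:: block in REGEDIT4 syntax with single-line values).
"""
import re

# Constructed sample: a trimmed copy of the CFScript from the reply above.
SAMPLE_CFSCRIPT = r"""
KillAll::

Driver::
ef8cea13

File::
C:\okex.exe
c:\windows\system32\nunoloje.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
DEFAULT_NOTIFICATION_PACKAGES = ["scecli"]  # Windows XP default for this value


def parse_cfscript(text):
    """Split the script into {section_name: [entry, ...]}, keeping entry order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def decode_hex7(value):
    """Decode a REGEDIT4 'hex(7):..' value (REG_MULTI_SZ, ANSI bytes).

    The data is a run of NUL-terminated strings followed by one extra NUL;
    the empty pieces produced by the terminators are dropped.
    """
    hexbytes = value[len("hex(7):"):].split(",")
    raw = bytes(int(b, 16) for b in hexbytes if b)
    return [p.decode("latin-1") for p in raw.split(b"\x00") if p]


def parse_registry_block(lines):
    """Map {key: {value_name: action}} where action is ('delete',) for an
    '=-' entry or ('set', data), with hex(7) data decoded to a string list."""
    result, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        if key is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = name.strip('"')
        if data == "-":
            result[key][name] = ("delete",)
        elif data.startswith("hex(7):"):
            result[key][name] = ("set", decode_hex7(data))
        else:
            result[key][name] = ("set", data.strip('"'))
    return result


def lsa_packages_restored(registry):
    """True when the script sets Notification Packages back to the XP default."""
    action = registry.get(LSA_KEY, {}).get("Notification Packages")
    return action == ("set", DEFAULT_NOTIFICATION_PACKAGES)


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in script.items():
        print(f"{name}:: {len(entries)} entries")
    reg = parse_registry_block(script["Registry"])
    run_key = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    print("DL32 Run value:", reg[run_key]["DL32"])
    print("Notification Packages restored to default:", lsa_packages_restored(reg))
```

The same decoder is useful on a live machine: export the Lsa key with `reg export`, decode `Notification Packages`, and anything beyond `scecli` (or `rassfm` on a domain controller) is a DLL that LSASS will load and that should be accounted for.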


#8 DarlingNikki

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Female
  • Location:Louisiana

Posted 02 May 2009 - 12:40 PM

ComboFix 09-05-02.4 - bambie 05/02/2009 12:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.334 [GMT -5:00]
Running from: c:\documents and settings\bambie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bambie\Desktop\CFScript.txt
AV: AVG *On-access scanning enabled* (Outdated)

FILE ::
C:\okex.exe
c:\windows\system32\drivers\692b1957.sys
c:\windows\system32\drivers\aa727c12.sys
c:\windows\system32\drivers\ef8cea13.sys
c:\windows\system32\nunoloje.exe
c:\windows\system32\vebimayo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\bambie\LOCALS~1\Temp\ovfsthdecwkbbapb.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthhpjikskiym.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthqajicdride.tmp
c:\docume~1\bambie\LOCALS~1\Temp\ovfsthx000
C:\okex.exe
c:\windows\system32\drivers\692b1957.sys
c:\windows\system32\drivers\aa727c12.sys
c:\windows\system32\drivers\ef8cea13.sys
c:\windows\system32\drivers\ovfsthqpjxjkvdlhxppqqdxkixtxwsrpiqtqtu.sys
c:\windows\system32\nunoloje.exe
c:\windows\system32\ovfsthivfdjmqdfkdjnypqtqwobdknrgbwktur.dat
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll
c:\windows\system32\ovfsthlobrxfktoeyxfpjnmhjlfmxwruyixdnx.dll_old
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll
c:\windows\system32\ovfsthpcwbwiehgspbtgagdpalqjomjfqpcwiv.dll_old
c:\windows\system32\ovfsthuhujdioygsoyilwogarbsshsngtlgvdb.dll
c:\windows\system32\ovfsthwentnmaogymxcjypolssafceyiuqqhrj.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_NTIO256
-------\Service_692b1957
-------\Service_aa727c12
-------\Service_ef8cea13


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 14:09 . 2009-05-02 14:09 -------- d-----w c:\documents and settings\Nanna\Application Data\Malwarebytes
2009-05-01 22:45 . 2009-05-02 16:26 -------- d-----w c:\program files\trend micro
2009-05-01 22:45 . 2009-05-01 22:47 -------- d-----w C:\rsit
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\documents and settings\bambie\Application Data\Malwarebytes
2009-05-01 21:11 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 21:11 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 21:09 . 2009-05-01 21:09 -------- d-----w c:\program files\ERUNT
2009-04-30 23:53 . 2009-05-01 02:44 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 23:28 . 2009-04-30 23:28 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-04-16 13:45 . 2009-04-16 13:45 -------- d-----w c:\documents and settings\Nanna\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 17:33 . 2005-08-21 23:15 504 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
2009-05-02 17:33 . 2005-10-06 23:47 498 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
2009-05-02 17:33 . 2005-06-04 04:56 490 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nan).job
2009-05-02 17:33 . 2004-11-23 03:33 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Owner).job
2009-05-02 17:32 . 2007-05-11 02:24 -------- d-----w c:\program files\CallWave
2009-05-02 17:32 . 2004-11-23 03:13 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 17:27 . 2005-08-24 17:24 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
2009-05-02 17:27 . 2005-08-23 00:11 496 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
2009-05-02 17:27 . 2005-05-27 03:45 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Guest).job
2009-05-02 17:27 . 2004-12-09 22:47 496 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-bambie).job
2009-05-02 17:24 . 2004-12-20 03:01 504 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
2009-05-02 17:24 . 2004-12-09 22:48 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-caleb).job
2009-05-02 17:21 . 2004-12-10 18:37 490 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom).job
2009-05-02 17:20 . 2005-08-22 23:06 516 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job
2009-05-02 17:20 . 2005-05-25 04:14 494 ----a-w c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
2009-05-02 16:08 . 2004-08-12 14:01 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-02 16:03 . 2004-08-12 14:08 577536 ----a-w c:\windows\system32\user32.dll
2009-05-02 14:39 . 2007-09-08 03:24 -------- d-----w c:\program files\Trillian
2009-05-01 00:46 . 2004-08-12 14:06 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-30 22:49 . 2004-08-12 14:08 577536 ----a-w c:\windows\system32\user32.dll.vir
2009-04-30 03:19 . 2007-09-21 18:28 -------- d-----w c:\program files\LimeWire
2009-04-29 16:32 . 2008-02-20 05:07 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-24 23:09 . 2007-09-08 04:44 -------- d-----w c:\program files\Semagic
2009-04-20 06:41 . 2004-12-10 08:43 -------- d-----w c:\program files\Google
2009-04-20 06:34 . 2005-12-08 23:12 -------- d-----w c:\program files\CallWave2
2009-04-16 03:25 . 2007-10-31 01:16 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-20 14:31 . 2006-05-13 15:57 62040 -c--a-w c:\documents and settings\Nanna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-08 05:35 . 2009-02-08 05:35 4096 ----a-w c:\windows\d3dx.dat
2007-05-14 00:56 . 2007-05-14 00:50 951395 ----a-w c:\program files\Install-3.0-3.54b4.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_16.15.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-12-09 22:44 . 2009-05-02 17:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-12-09 22:44 . 2009-05-02 16:14 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-12-09 22:44 . 2009-05-02 17:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-09 22:44 . 2009-05-02 16:14 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-12-09 22:44 . 2009-05-02 17:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-12-09 22:44 . 2009-05-02 16:14 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2004-01-28 180224]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2003-12-08 245760]

c:\documents and settings\bambie\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CallWave.lnk - c:\program files\CallWave\IAM.exe [2005-12-8 1590352]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nanna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Nanna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TrkWks"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"CWShredder Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"1257:UDP"= 1257:UDP:Windows Media Format SDK (iexplore.exe)
"1256:UDP"= 1256:UDP:Windows Media Format SDK (iexplore.exe)
"1259:UDP"= 1259:UDP:Windows Media Format SDK (iexplore.exe)
"1276:UDP"= 1276:UDP:Windows Media Format SDK (iexplore.exe)
"1277:UDP"= 1277:UDP:Windows Media Format SDK (iexplore.exe)
"1278:UDP"= 1278:UDP:Windows Media Format SDK (iexplore.exe)
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-bambie).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-caleb).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Guest).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Mom).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nan).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]

2009-05-02 c:\windows\Tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-11-23 22:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usps.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Search
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\documents and settings\bambie\Application Data\Mozilla\Firefox\Profiles\lq6mpe0b.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\documents and settings\bambie\Application Data\Mozilla\Firefox\Profiles\lq6mpe0b.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 12:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CSHelper.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-02 12:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 17:37
ComboFix2.txt 2009-05-02 16:20

Pre-Run: 1,824,530,432 bytes free
Post-Run: 1,798,619,136 bytes free

242 --- E O F --- 2007-09-01 06:56



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:51 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdat...b?1124690550093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5272 bytes

#9 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 May 2009 - 07:07 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :files
    c:\windows\system32\user32.dll.vir
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. OTMoveIt3
2. Malwarebytes'
3. ESET Online Scanner
4. How's the computer now? :thumbup2:



#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 08 May 2009 - 06:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#11 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 May 2009 - 08:17 PM

Hello fenzodahl512
I've re-opened this at the request of the OP.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#12 fenzodahl512

  • Members
  • 6,738 posts

Posted 29 May 2009 - 01:24 AM

Thank you.. Please run RSIT once again and post the log here



#13 DarlingNikki

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Female
  • Location:Louisiana

Posted 29 May 2009 - 08:12 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by bambie at 2009-05-29 20:09:32
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 3 GB (10%) free of 35 GB
Total RAM: 510 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:39 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Documents and Settings\bambie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\bambie\Desktop\RSIT.exe
C:\Program Files\trend micro\bambie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eastex.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eastex Net
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bambie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdat...b?1124690550093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DB0876-DB82-4FA6-978A-9988161B3B28}: NameServer = 204.96.16.141 204.96.17.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 4228 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4266103102-3271643631-2953437549-1006.job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-bambie).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-caleb).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Eastexmail).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Floyd).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Guest).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Mom&Pop).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Mom).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Nan).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Nanna).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Poppie).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-The Iceman).job
C:\WINDOWS\tasks\McAfee.com Update Check (DDJ5M461-Ultimate Fighter).job
C:\WINDOWS\tasks\McAfee.com Update Check (RALPH-bambie).job
C:\WINDOWS\tasks\McAfee.com Update Check (RALPH-Nanna).job
C:\WINDOWS\tasks\McAfee.com Update Check (RALPH-Poppie).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\bambie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe [2003-12-08 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe [2004-06-07 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe [2004-01-28 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegaPanel]
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetMeter]
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-11-22 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2003-08-17 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2003-08-08 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bambie^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-09-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"TrkWks"=2
"MCVSRte"=2
"mcupdmgr.exe"=3
"McShield"=3
"iPod Service"=3
"gusvc"=3
"CWShredder Service"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"BITS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CallWave.lnk - C:\Program Files\CallWave\IAM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-12 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-26 12:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-05-23 17:30:51 ----A---- C:\WINDOWS\Cake Mania 3 Uninstall Log.txt
2009-05-15 15:40:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-14 19:48:50 ----D---- C:\Documents and Settings\bambie\Application Data\skypePM
2009-05-14 19:46:55 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-06 22:38:16 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-05-06 22:35:50 ----D---- C:\WINDOWS\Prefetch
2009-05-06 22:29:39 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-06 22:29:15 ----D---- C:\Program Files\Online Services
2009-05-06 22:27:27 ----D---- C:\Program Files\Messenger
2009-05-06 21:33:17 ----A---- C:\WINDOWS\pnplog.txt
2009-05-06 21:24:18 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-05-06 21:24:18 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-06 21:24:00 ----RA---- C:\WINDOWS\SET9C.tmp
2009-05-06 21:23:57 ----RA---- C:\WINDOWS\SET90.tmp
2009-05-06 21:23:55 ----RA---- C:\WINDOWS\SET8D.tmp
2009-05-06 16:14:00 ----D---- C:\WINDOWS\Connection Wizard
2009-05-03 21:18:37 ----A---- C:\WINDOWS\system32\write.exe
2009-05-03 21:18:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-03 21:18:28 ----A---- C:\WINDOWS\system32\winchat.exe
2009-05-03 21:18:28 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-03 21:18:28 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-03 21:18:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-03 21:18:28 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-03 21:18:22 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-03 21:18:22 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-03 21:18:22 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-03 21:18:20 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-03 21:18:20 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-03 21:18:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-03 21:18:20 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-03 21:18:18 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-03 21:18:18 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-03 21:18:18 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-05-03 21:18:18 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-03 21:18:18 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-03 21:18:17 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-03 00:14:45 ----SHD---- C:\RECYCLER
2009-05-02 23:44:49 ----D---- C:\_OTMoveIt
2009-05-02 12:37:36 ----D---- C:\WINDOWS\temp
2009-05-02 12:37:35 ----A---- C:\ComboFix.txt
2009-05-02 11:00:36 ----RASHD---- C:\cmdcons
2009-05-02 09:52:56 ----A---- C:\WINDOWS\zip.exe
2009-05-02 09:52:56 ----A---- C:\WINDOWS\vFind.exe
2009-05-02 09:52:56 ----A---- C:\WINDOWS\SWREG.exe
2009-05-02 09:52:56 ----A---- C:\WINDOWS\sed.exe
2009-05-02 09:52:56 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-02 09:52:56 ----A---- C:\WINDOWS\grep.exe
2009-05-02 09:52:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-02 09:52:55 ----A---- C:\WINDOWS\SWSC.exe
2009-05-02 09:49:49 ----D---- C:\Qoobox
2009-05-02 09:27:46 ----RA---- C:\Program Files\ComboFix.exe
2009-05-01 17:45:33 ----D---- C:\Program Files\trend micro
2009-05-01 17:45:32 ----D---- C:\rsit
2009-05-01 17:39:20 ----A---- C:\Program Files\RSIT.exe
2009-05-01 16:11:31 ----D---- C:\Documents and Settings\bambie\Application Data\Malwarebytes
2009-05-01 16:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-01 16:09:56 ----D---- C:\WINDOWS\ERDNT
2009-04-30 18:53:24 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-05-29 20:09:18 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-05-29 20:09:11 ----D---- C:\Program Files\Trillian
2009-05-29 20:03:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-29 20:02:14 ----D---- C:\Documents and Settings\bambie\Application Data\LimeWire
2009-05-29 15:42:59 ----D---- C:\Program Files\Mozilla Firefox
2009-05-29 11:18:50 ----D---- C:\Program Files\CallWave
2009-05-26 12:42:23 ----D---- C:\WINDOWS
2009-05-26 12:41:01 ----D---- C:\WINDOWS\SYSTEM32
2009-05-26 12:38:41 ----HD---- C:\WINDOWS\INF
2009-05-26 12:38:38 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-05-26 12:37:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-26 12:37:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-23 19:30:17 ----D---- C:\Program Files\Semagic
2009-05-23 17:33:06 ----A---- C:\WINDOWS\Cake Mania 3 Setup Log.txt
2009-05-23 17:32:38 ----D---- C:\Program Files\Cake Mania 3
2009-05-23 14:31:23 ----SHD---- C:\WINDOWS\Installer
2009-05-23 14:31:23 ----D---- C:\Config.Msi
2009-05-23 14:31:18 ----D---- C:\Program Files\Common Files
2009-05-23 14:31:17 ----RD---- C:\Program Files
2009-05-20 10:23:48 ----D---- C:\Documents and Settings\bambie\Application Data\OpenOffice.org2
2009-05-15 15:40:17 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-14 17:19:19 ----D---- C:\Program Files\Google
2009-05-14 15:03:50 ----D---- C:\Documents and Settings\bambie\Application Data\Mozilla
2009-05-14 14:43:46 ----SD---- C:\WINDOWS\Tasks
2009-05-13 12:41:17 ----SH---- C:\boot.ini
2009-05-13 12:41:17 ----A---- C:\WINDOWS\WIN.INI
2009-05-13 12:41:17 ----A---- C:\WINDOWS\system.ini
2009-05-12 01:01:11 ----D---- C:\WINDOWS\pss
2009-05-07 11:42:51 ----D---- C:\WINDOWS\SECURITY
2009-05-06 22:38:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-06 22:38:25 ----D---- C:\WINDOWS\Registration
2009-05-06 22:37:37 ----AC---- C:\WINDOWS\setuplog.txt
2009-05-06 22:37:13 ----SHD---- C:\System Volume Information
2009-05-06 22:35:10 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-06 22:34:22 ----A---- C:\WINDOWS\imsins.BAK
2009-05-06 22:31:33 ----D---- C:\Program Files\Windows Media Player
2009-05-06 22:31:30 ----D---- C:\WINDOWS\Help
2009-05-06 22:30:49 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-05-06 22:30:40 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-05-06 22:30:18 ----D---- C:\WINDOWS\system32\IAS
2009-05-06 22:29:43 ----RD---- C:\WINDOWS\Web
2009-05-06 22:29:29 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-06 22:29:07 ----D---- C:\WINDOWS\system32\OOBE
2009-05-06 22:29:06 ----D---- C:\Program Files\NetMeeting
2009-05-06 22:28:59 ----D---- C:\Program Files\Outlook Express
2009-05-06 22:28:59 ----D---- C:\Program Files\Common Files\System
2009-05-06 22:28:41 ----D---- C:\WINDOWS\system32\Com
2009-05-06 21:26:22 ----AD---- C:\DRIVERS
2009-05-06 21:24:10 ----ASH---- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2009-05-06 16:21:10 ----D---- C:\WINDOWS\SYSTEM
2009-05-06 16:21:09 ----D---- C:\WINDOWS\system32\Setup
2009-05-06 16:21:00 ----D---- C:\WINDOWS\system32\USMT
2009-05-06 16:20:51 ----D---- C:\WINDOWS\AppPatch
2009-05-06 16:20:49 ----D---- C:\WINDOWS\IME
2009-05-06 16:20:48 ----RSD---- C:\WINDOWS\Fonts
2009-05-06 16:20:48 ----D---- C:\WINDOWS\Media
2009-05-06 16:20:45 ----D---- C:\WINDOWS\system32\WBEM
2009-05-06 16:20:36 ----D---- C:\WINDOWS\PeerNet
2009-05-06 16:20:20 ----D---- C:\WINDOWS\system32\NPP
2009-05-06 16:20:13 ----D---- C:\WINDOWS\MSAGENT
2009-05-06 16:16:52 ----D---- C:\WINDOWS\TWAIN_32
2009-05-06 16:15:47 ----D---- C:\WINDOWS\system32\ICSXML
2009-05-06 16:15:14 ----D---- C:\Program Files\Modem Helper
2009-05-06 16:15:08 ----D---- C:\WINDOWS\system32\1033
2009-05-06 16:14:00 ----D---- C:\WINDOWS\Driver Cache
2009-05-05 16:02:11 ----D---- C:\Temp
2009-05-03 21:18:34 ----D---- C:\WINDOWS\Cursors
2009-05-03 21:18:28 ----D---- C:\Program Files\Windows NT
2009-05-02 10:08:27 ----SD---- C:\Documents and Settings\bambie\Application Data\Microsoft
2009-05-02 09:32:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 02:19:47 ----AC---- C:\WINDOWS\wininit.ini
2009-04-30 23:37:57 ----D---- C:\WINDOWS\Cache
2009-04-30 19:36:05 ----AC---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-12 36096]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-12 223616]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-22 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-12 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-12 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-12 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-12 20480]
S1 ovfsthumlamrxrgvpqfvklrqhxvmpltehbaimr;ovfsthumlamrxrgvpqfvklrqhxvmpltehbaimr; C:\WINDOWS\system32\drivers\ovfsthqpjxjkvdlhxppqqdxkixtxwsrpiqtqtu.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-24 4272]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 JL2005;JL2005A Toy Camera; C:\WINDOWS\System32\Drivers\toywdm.sys []
S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-12 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-08-12 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-12 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-12 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-12 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-12 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
R2 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-01-29 266240]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2004-08-12 14336]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-12 19456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 CWShredder Service;CWShredder Service; C:\Documents and Settings\bambie\Local Settings\Temporary Internet Files\Content.IE5\DZZVH90E\cwshredder[1].exe service []
S4 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2004-01-28 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2003-08-08 106496]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 30 May 2009 - 07:12 AM

Looks nice.. Tell me, what's the problem with the computer?


In the meantime, please do the below..

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



#15 DarlingNikki

DarlingNikki
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Female
  • Location:Louisiana
  • Local time:06:21 PM

Posted 01 June 2009 - 03:16 PM

I'm getting redirected to different sites when I use Google search, and there is a two-minute lag in getting Firefox, Task Manager, iTunes, or Trillian to open when I first log in to my desktop. I disabled all of the add-ons for Firefox, and it has not helped.

I don't know if it is related, but now every time I start the computer, it asks me to choose which version of XP I want to run: Home or Pro. Is there a way to skip that?

Edited by DarlingNikki, 01 June 2009 - 03:18 PM.
