Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File particularly reluctant to be found and deleted!


  • This topic is locked This topic is locked
7 replies to this topic

#1 OfficerDibble

OfficerDibble

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 02 June 2009 - 11:34 AM

Hello,

I was being helped by Boopme in the Security > Am I Infected? Forum. Thanks to that help a number of viruses and rootkits have been removed from my laptop. But there is a particularly difficult issue relating to a particular file so it was suggested I post here for additional assistance.

The original thread is here: http://www.bleepingcomputer.com/forums/t/228289/vundo-infection-any-help-appreciated/

The current issue relates to this file: C:\WINDOWS\system32\drivers\UACrsmvjxsxpaoyjeo.sys

This is identified by RootRepeal in the ‘hidden services’ tab, but it cannot be wiped as a dialogue appears saying ‘could not find file on disk’. Incidentally this file also does not register in the ‘file’ tab of the RootRepeal report either.

We tried to use MBAM’s FileAssassin feature but the file identified by RR simply isn’t there when trying to look for it. So FileAssassin could not work.

I also tried finding it through Windows explorer and via the command prompt just to be sure and it definitely isn’t there.

So, anyway, Boopme asked me to post a HJT log here and wait for advice on next steps. I know everyone is busy, but if someone can recommend any next steps in due course it would be much appreciated.

HJT log below.

Thanks all.

Tony


==============


DDS (Ver_09-05-14.01) - NTFSx86
Run by AS at 22:30:02.12 on Sun 05/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.176 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\anthony.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AS\Desktop\RootRepeal\RootRepeal.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 193.129.184.167:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=anthony.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [NewsPoint] "c:\program files\newspoint\bin\NewsPointLauncher.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://portal.ogilvypr.com/opr/cds/ICAWEB/en/ica32/ica32t.exe
DPF: {2E687AA8-B276-4910-BBFB-4E412F685379}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://mail13a.shu.edu/dwa7W.cab
DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} - hxxps://portal.ogilvypr.com/opr/cds/CGC/en/CSGProxy.cab
Filter: text/html - {303471cb-67bf-4838-b3bd-7ae17b9857de} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthon~1\applic~1\mozilla\firefox\profiles\q8fjmh5e.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R0 aijgmqoh;aijgmqoh;c:\windows\system32\drivers\aijgmqoh.sys [2004-8-4 23424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-20 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-20 72944]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
S2 AnonAswSvc;Anonymizer Anti-Spyware Service;c:\program files\anonymizer\anonasw\AnonAswSvc.exe [2007-10-22 37560]
S2 AnonMgmtSvc;Anonymizer Management Service;c:\program files\anonymizer\common\AnonMgmtSvc.exe [2007-10-22 37560]
S2 frpcey;frpcey;c:\windows\system32\drivers\ymqvi.sys --> c:\windows\system32\drivers\ymqvi.sys [?]
S2 zxgereeq;Processor Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-20 7408]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]

=============== Created Last 30 ================

2009-05-22 12:11 --d----- c:\docume~1\anthon~1\applic~1\Malwarebytes
2009-05-21 21:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 21:22 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 21:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 21:22 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 19:38 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-20 19:38 --d----- c:\program files\SUPERAntiSpyware
2009-05-20 18:27 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-05-20 17:02 --d----- c:\program files\common files\Wise Installation Wizard
2009-05-14 16:00 --d----- C:\VundoFix Backups
2009-05-13 13:51 224 a------- c:\windows\system32\UACusdrnypvokawoty.dat

==================== Find3M ====================

2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 10:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2005-11-18 17:34 0 a------- c:\docume~1\anthon~1\applic~1\wklnhst.dat
2006-03-23 12:58 418,041 ---sh--- c:\windows\system32\orutv.bak2
2006-03-24 11:04 422,112 ---sh--- c:\windows\system32\orutv.ini2

============= FINISH: 22:30:35.84 ===============

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:34 PM

Posted 04 June 2009 - 10:04 PM

Hello OfficerDibble,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Edited by SifuMike, 04 June 2009 - 10:44 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 OfficerDibble

OfficerDibble
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 07 June 2009 - 08:33 PM

Hello

Thanks for your help.

I downloaded and installed securitycheck. I ran it, the screen appeared asking me to press any key to continue. I pressed a key to continue and the screen disappeared. I waited for 20 minutes assuming that something was happening but it seems like a malfunction.

I have tried a few times. The screen disappears after pressing a key to continue.

Tx

Tony

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:34 PM

Posted 07 June 2009 - 08:50 PM

Hi OfficerDibble,

Sometimes that program has difficulty running, so bypass that.


We will do this another way.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt
Please tell me what antivirus program you are running on this computer.

Edited by SifuMike, 07 June 2009 - 08:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 OfficerDibble

OfficerDibble
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 07 June 2009 - 09:09 PM

Hello.

I think this PC has a symantecproduct though I confess it probably hasn't been updated in a while.

Below is the logfile. I'll post the other file seperately.

Thanks

Tony


Logfile of random's system information tool 1.06 (written by random/random)
Run by AS at 2009-06-07 22:05:29
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (50%) free of 57 GB
Total RAM: 511 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:34 PM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\anthony.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
aC:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AS\Desktop\RSIT.exe
C:\Program Files\Hijackthis\AS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.129.184.167:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
F2 - REG:system.ini: Shell=anthony.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivguardian.com
O1 - Hosts: 94.232.248.66 www.antivguardian.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NewsPoint] "C:\Program Files\NewsPoint\Bin\NewsPointLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.ogilvypr.com/opr/cds/ICAWEB/...ca32/ica32t.exe
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) -
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail13a.shu.edu/dwa7W.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.ogilvypr.com/opr/cds/CGC/en/CSGProxy.cab
O18 - Filter hijack: text/html - {303471cb-67bf-4838-b3bd-7ae17b9857de} - C:\WINDOWS\system32\dsound3dd.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\AnonASW\AnonAswSvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Common\AnonMgmtSvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 7913 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-09-03 88363]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-04-07 4730880]
"nwiz"=nwiz.exe /install []
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-11-15 473928]
"NewsPoint"=C:\Program Files\NewsPoint\Bin\NewsPointLauncher.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\Program Files\Qualcomm\Eudora\EuShlExt.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Real\RealPlayer\trueplay.exe"="C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Anonymizer\Common\AnonProxy.exe"="C:\Program Files\Anonymizer\Common\AnonProxy.exe:*:Enabled:AnonProxy"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-06-07 22:05:29 ----D---- C:\rsit
2009-05-25 23:08:21 ----D---- C:\Program Files\7-Zip
2009-05-22 12:11:27 ----D---- C:\Documents and Settings\Anthony Singer\Application Data\Malwarebytes
2009-05-21 21:22:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-21 21:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-20 19:38:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 19:38:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-20 18:27:07 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2009-05-20 17:02:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-14 16:00:57 ----D---- C:\VundoFix Backups
2009-04-17 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-09 03:21:34 ----D---- C:\Program Files\Common
2009-03-21 21:22:24 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-03-21 21:22:24 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-03-21 21:22:23 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-21 21:22:22 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-03-11 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

======List of files/folders modified in the last 3 months======

2009-06-07 22:05:30 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-06-07 22:05:30 ----D---- C:\Program Files\Hijackthis
2009-06-07 16:02:44 ----SD---- C:\WINDOWS\Tasks
2009-06-07 03:00:15 ----D---- C:\WINDOWS\Temp
2009-06-05 23:57:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-05 12:43:19 ----D---- C:\Program Files\Mozilla Firefox
2009-06-05 12:10:09 ----D---- C:\WINDOWS\system32
2009-06-05 12:10:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-04 18:44:07 ----D---- C:\WINDOWS\Prefetch
2009-05-31 17:37:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-31 16:44:18 ----D---- C:\WINDOWS\system32\drivers
2009-05-28 15:13:11 ----D---- C:\WINDOWS
2009-05-28 15:11:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-26 11:09:25 ----RD---- C:\Program Files
2009-05-25 23:13:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-20 18:49:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-20 18:27:05 ----A---- C:\VundoFix.txt
2009-05-20 17:56:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-20 17:03:52 ----SHD---- C:\RECYCLER
2009-05-20 12:34:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-20 12:33:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 15:56:51 ----D---- C:\Documents and Settings
2009-05-01 07:17:48 ----A---- C:\WINDOWS\ODBC.INI
2009-04-27 18:46:09 ----SHD---- C:\WINDOWS\Installer
2009-04-27 16:51:54 ----D---- C:\Documents and Settings\Anthony Singer\Application Data\Mozilla
2009-04-17 03:08:27 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 03:08:27 ----D---- C:\WINDOWS\AppPatch
2009-04-17 03:02:29 ----HD---- C:\WINDOWS\inf
2009-04-17 03:02:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-17 03:02:17 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 03:02:01 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 03:02:01 ----D---- C:\Program Files\Internet Explorer
2009-04-17 03:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-21 10:18:57 ----A---- C:\WINDOWS\system32\kernel32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-01 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-09-03 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-07 1382634]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S2 frpcey;frpcey; C:\WINDOWS\system32\drivers\ymqvi.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-01-19 100032]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-07 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S2 AnonAswSvc;Anonymizer Anti-Spyware Service; C:\Program Files\Anonymizer\AnonASW\AnonAswSvc.exe [2007-10-22 37560]
S2 AnonMgmtSvc;Anonymizer Management Service; C:\Program Files\Anonymizer\Common\AnonMgmtSvc.exe [2007-10-22 37560]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 zxgereeq;Processor Controller; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-01-19 2041536]
S3 VundoFixSvc;VundoFix Service; C:\WINDOWS\system32\VundoFixSVC.exe [2009-05-20 24576]

-----------------EOF-----------------

#6 OfficerDibble

OfficerDibble
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 07 June 2009 - 09:11 PM

INFO.txt logfile below per previous post. Thanks- Tony


info.txt logfile of random's system information tool 1.06 2009-06-07 22:05:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Agere Systems AC'97 Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Bingo RM to MP3 Wave Converter 3.4-->"C:\Program Files\Bingo RM to MP3 Wave Converter\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Cookie Jar-->C:\Program Files\Cookie Jar\uninstall.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Printer\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-11-17-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Jaws PDF Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2A227E0-8DEC-11D2-A564-B2890D000000}\setup.exe" -Uninstall
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 2.5-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA GART Driver-->C:\WINDOWS\system32\nvugart.exe Uninstall C:\WINDOWS\system32\Nvgart.nvu,NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvcp.inf
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
Peter's Ultimate Alarm Clock version 3.3.0-->"C:\Program Files\Peter's Ultimate Alarm Clock\unins000.exe"
Quick Launch Buttons 5.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Morrowind\CSUninstall\Setup.exe" -l0x9
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Verizon Broadband Toolbar-->C:\Program Files\VZBB Toolbar\Uninstall.exe
Verizon Online DSL-->C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden
Verizon Online Help & Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03E6-F17B-11D6-88EA-000476CD2443}\setup.exe" -l0x9 UNINSTALL -removeonly
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll [2006-03-23]
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\vturo.dll [2006-03-23]
R3 - Default URLSearchHook is missing [2006-03-23]
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\vturo.dll [2006-03-23]
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll [2006-03-23]
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll [2006-03-23]
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\vturo.dll [2006-03-23]
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\vturo.dll [2006-03-24]
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll [2006-03-24]
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\vturo.dll (file missing) [2006-03-24]
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing) [2006-03-24]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {02D0B3F3-B95C-4ACB-B6C9-DE7AA58813D2} - C:\WINDOWS\system32\ldrusfyh.dll [2009-05-20]
O2 - BHO: (no name) - {05858722-8F2F-408F-8FF7-DFD08B63FCA9} - C:\WINDOWS\system32\ldrusfyh.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O20 - Winlogon Notify: rarymimp - C:\WINDOWS\SYSTEM32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O20 - Winlogon Notify: rarymimp - C:\WINDOWS\SYSTEM32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {02D0B3F3-B95C-4ACB-B6C9-DE7AA58813D2} - C:\WINDOWS\system32\ldrusfyh.dll [2009-05-20]
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll [2009-05-20]
O2 - BHO: (no name) - {02D0B3F3-B95C-4ACB-B6C9-DE7AA58813D2} - C:\WINDOWS\system32\ldrusfyh.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O20 - Winlogon Notify: rarymimp - C:\WINDOWS\SYSTEM32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {02D0B3F3-B95C-4ACB-B6C9-DE7AA58813D2} - C:\WINDOWS\system32\ldrusfyh.dll [2009-05-20]
O20 - Winlogon Notify: rarymimp - C:\WINDOWS\SYSTEM32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll [2009-05-20]
O2 - BHO: (no name) - {FD24C83D-6A1E-458C-AB0D-8EE9AB6A0B08} - c:\windows\system32\ivylito.dll (file missing) [2009-05-20]
O20 - Winlogon Notify: rarymimp - ivylito.dll (file missing) [2009-05-20]
O2 - BHO: (no name) - {02D0B3F3-B95C-4ACB-B6C9-DE7AA58813D2} - C:\WINDOWS\system32\ldrusfyh.dll (file missing) [2009-05-20]

======Hosts File======

127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivguardian.com
94.232.248.66 www.antivguardian.com

======System event log======

Computer Name: HPLAPTOP
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB928365).

Record Number: 62207
Source Name: Windows Update Agent
Time Written: 20090422040813.000000-240
Event Type: error
User:

Computer Name: HPLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00904BA50E09. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62195
Source Name: Dhcp
Time Written: 20090421142736.000000-240
Event Type: warning
User:

Computer Name: HPLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00904BA50E09. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62185
Source Name: Dhcp
Time Written: 20090421133427.000000-240
Event Type: warning
User:

Computer Name: HPLAPTOP
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB928365).

Record Number: 62172
Source Name: Windows Update Agent
Time Written: 20090421074634.000000-240
Event Type: error
User:

Computer Name: HPLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00904BA50E09. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62169
Source Name: Dhcp
Time Written: 20090421074611.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: HPLAPTOP
Event Code: 2006
Message: LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

Record Number: 9
Source Name: LoadPerf
Time Written: 20090520114834.000000-240
Event Type: warning
User:

Computer Name: HPLAPTOP
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 8
Source Name: LoadPerf
Time Written: 20090520114831.000000-240
Event Type: error
User:

Computer Name: HPLAPTOP
Event Code: 3001
Message: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 14942, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Record Number: 7
Source Name: LoadPerf
Time Written: 20090520114831.000000-240
Event Type: error
User:

Computer Name: HPLAPTOP
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090514164349.000000-240
Event Type: error
User:

Computer Name: HPLAPTOP
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090514164349.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0c00
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:34 PM

Posted 07 June 2009 - 10:30 PM

Hi Tony,


I want you to update and run the Symantec antivirus and then post its log here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:34 PM

Posted 16 June 2009 - 10:31 PM

Due to inactivity, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users