Unknown virus can not run any Anti-Malware scans


  • This topic is locked
29 replies to this topic

#1 plox3


  • Members
  • 32 posts
  • Location:TX

Posted 06 June 2009 - 08:21 PM

I recently had an update notice from Microsoft. Once updated I had IE8. Before updating I had run an MBAM scan due to a false anti-virus, I think it was Anti-Virus PRO. I have the scan log if needed to verify what was detected. I have tried to run MBAM & SAS in both normal & safe mode, and received the error on the subject line for MBAM. SAS just says it will report an error & asks for my email. I can not stay on IE without encountering a problem and shutting down. Not even WMP stays on; it always encounters an error & shuts down. Was able to run BitDefender Antivirus 2008, nothing detected.

PC details:
HP 873n
XP Media Center Edition Ver. 2002 Service Pack 3
Pentium 4 2.53GHz
1.50GB RAM

Task Manager shows 40 processes running; I have noticed multiple duplicate processes.

Name         User             Count
svchost.exe  System           4
svchost.exe  Network Service  2
svchost.exe  Local Service    2

Here is the HJT log
Any help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:54 PM, on 6/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\usb storage rw\shwicon.exe
c:\windows\system32\cthelper.exe
c:\program files\bitdefender\bitdefender 2008\bdagent.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\ctfmon.exe
c:\program files\hp center\137903\program\backweb-137903.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivir.com
O1 - Hosts: 209.44.111.57 www.inetantivir.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {4321A997-5748-4B69-A76A-B7927E7AF8A2} - (no file)
O2 - BHO: (no name) - {6ADFDA1B-502F-4DD0-889D-2A8BFA21B08F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F241BAA6-9BA8-42B9-B82C-266DB1FE0B07} - (no file)
O2 - BHO: (no name) - {B42BF63C-5354-4C5C-A789-66EFEEC5E1B0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.3.12/applet/ad...ction-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/back...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fr...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbj...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/ca...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/applet/bow...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/v/8.1.1.13/applet/ch...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/8.1.7.44/applet/ch...hess2-en_US.cab
O16 - DPF: Command and Conquer Attack Copter by pogo - http://game1.pogo.com/applet-8.0.1.23/ccst...trike-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/che...dflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.1.8.1/applet/dom...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/vid...deuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fir...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/sup...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gol...taire-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ha...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ha...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.1.13/applet/he...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.2.24/applet/dr...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/applet/sp...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mhp...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.6.14/applet/lo...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ma...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.6.14/applet/sa...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.0.25/applet/al...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/pai...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.1.6.34/applet/fr...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.9.33/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wa...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/fl...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/po...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.1.9.22/applet/ps...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hot...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.6.3/applet/squ...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scr...abble-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/8.1.9.1/applet/spi...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/sp...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.2.0.14/applet/sq...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/8.1.6.21/applet/sw...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/swe...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sw...tooth-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mi...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.5.22/applet/tr...ivial-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.6.21/applet/tu...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/tu...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.2.0.14/applet/ml...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.7.14/applet/wo...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.7.20/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1230009687031
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\buzatobo.dll c:\windows\system32\ranemude.dll,C:\WINDOWS\system32\meyadapi.dll pgdqyt.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 15010 bytes
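One way to triage the indicators that stand out in the HijackThis log above, added here as an example and not code from the thread or from HijackThis: it flags hosts-file entries that point a hostname anywhere but the stock loopback, a user proxy forced through a local listener, BHO registry entries whose DLL is gone, and a populated AppInit_DLLs value. The sample lines are copied from the log posted above; the section names and check logic are this example's own assumptions about how to read them.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread (values are the thread's own; nothing here is invented).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivir.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - AppInit_DLLs: c:\windows\system32\buzatobo.dll c:\windows\system32\ranemude.dll,C:\WINDOWS\system32\meyadapi.dll pgdqyt.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Addresses a stock hosts file may legitimately map "localhost" to.
LOOPBACK = {"127.0.0.1", "::1"}


def parse_line(line):
    """Split one HJT entry into (section, body); None for non-entry lines."""
    m = re.match(r"^([RFO]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_hosts(body):
    """O1: any mapping other than loopback->localhost is a redirect or sinkhole."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    addr, host = m.groups()
    if addr in LOOPBACK and host == "localhost":
        return None  # the stock entry
    # Loopback for a real hostname blocks it (e.g. AV update sites);
    # a non-loopback address silently redirects it. Both deserve a look.
    return f"hosts redirect: {host} -> {addr}"


def check_proxy(body):
    """R1: a per-user ProxyServer pointed at localhost means something on the
    box is sitting between the browser and the network."""
    m = re.match(r"HKCU\\.*Internet Settings,ProxyServer = (.*)$", body)
    if not m:
        return None
    value = m.group(1)
    if re.search(r"(localhost|127\.0\.0\.1):\d+", value):
        return f"proxy forced through a local listener: {value}"
    return f"user proxy set: {value}"


def check_bho(body):
    """O2: a BHO registration whose DLL no longer exists (leftover or hidden)."""
    if body.startswith("BHO:") and body.endswith("(no file)"):
        return "orphaned BHO (registry entry with no DLL): " + body
    return None


def check_appinit(body):
    """O20: AppInit_DLLs is injected into every process that loads user32.dll
    and should normally be empty, so any content is worth listing."""
    m = re.match(r"AppInit_DLLs:\s*(.+)$", body)
    if not m:
        return None
    dlls = [d for d in re.split(r"[\s,]+", m.group(1)) if d]
    return f"AppInit_DLLs populated with {len(dlls)} DLL(s): {', '.join(dlls)}"


CHECKS = {"O1": check_hosts, "R1": check_proxy, "O2": check_bho, "O20": check_appinit}


def triage(log_text):
    """Return [(section, finding)] for every line a check objects to."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        section, body = parsed
        check = CHECKS.get(section)
        if check:
            hit = check(body)
            if hit:
                findings.append((section, hit))
    return findings


if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}")
```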


#2 aommaster


    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 07 June 2009 - 08:35 AM

Hello, plox3.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 plox3

  • Topic Starter

  • Members
  • 32 posts
  • Location:TX

Posted 07 June 2009 - 09:42 AM

Hello,
Thanks for replying and for your assistance. The issues have not been resolved. I ran the scan as requested. Here are the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-06-07 09:34:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (42%) free of 109 GB
Total RAM: 1535 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:10 AM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\usb storage rw\shwicon.exe
c:\windows\system32\cthelper.exe
c:\program files\bitdefender\bitdefender 2008\bdagent.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\ctfmon.exe
c:\program files\hp center\137903\program\backweb-137903.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\administrator\desktop\rsit.exe
c:\program files\trend micro\hijackthis\administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivir.com
O1 - Hosts: 209.44.111.57 www.inetantivir.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {4321A997-5748-4B69-A76A-B7927E7AF8A2} - (no file)
O2 - BHO: (no name) - {6ADFDA1B-502F-4DD0-889D-2A8BFA21B08F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F241BAA6-9BA8-42B9-B82C-266DB1FE0B07} - (no file)
O2 - BHO: (no name) - {B42BF63C-5354-4C5C-A789-66EFEEC5E1B0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.3.12/applet/ad...ction-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/back...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fr...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbj...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/ca...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/applet/bow...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/v/8.1.1.13/applet/ch...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/8.1.7.44/applet/ch...hess2-en_US.cab
O16 - DPF: Command and Conquer Attack Copter by pogo - http://game1.pogo.com/applet-8.0.1.23/ccst...trike-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/che...dflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.1.8.1/applet/dom...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/vid...deuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fir...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/sup...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gol...taire-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ha...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ha...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.1.13/applet/he...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.2.24/applet/dr...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/applet/sp...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mhp...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.6.14/applet/lo...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ma...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.6.14/applet/sa...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.0.25/applet/al...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/pai...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.1.6.34/applet/fr...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.9.33/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wa...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/fl...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/po...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.1.9.22/applet/ps...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hot...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.6.3/applet/squ...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scr...abble-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/8.1.9.1/applet/spi...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/sp...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.2.0.14/applet/sq...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/8.1.6.21/applet/sw...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/swe...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sw...tooth-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mi...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.5.22/applet/tr...ivial-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.6.21/applet/tu...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/tu...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.2.0.14/applet/ml...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.7.14/applet/wo...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.7.20/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1230009687031
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\buzatobo.dll c:\windows\system32\ranemude.dll,C:\WINDOWS\system32\meyadapi.dll pgdqyt.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 15071 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\sdovkyeb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4321A997-5748-4B69-A76A-B7927E7AF8A2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ADFDA1B-502F-4DD0-889D-2A8BFA21B08F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-12-08 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-12-08 654832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F241BAA6-9BA8-42B9-B82C-266DB1FE0B07}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B42BF63C-5354-4C5C-A789-66EFEEC5E1B0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-01-25 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-04 50176]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"nwiz"=nwiz.exe /install []
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"=C:\Program Files\USB Storage RW\shwicon.exe [2002-07-03 49152]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe []
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-01-25 368640]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"QuickTime Task"=c:\program files\quicktime\qttask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-24 148888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Personal Coach.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\buzatobo.dll c:\windows\system32\ranemude.dll,C:\WINDOWS\system32\meyadapi.dll pgdqyt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-03-23 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\meyadapi.dll
mtexbd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe"="C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe:*:Enabled:bdagent"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\USB Storage RW\Shwicon.exe"="C:\Program Files\USB Storage RW\Shwicon.exe:*:Enabled:shwicon"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:Ssydudor Ufuguty"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c713c0f3-494f-11dd-942a-0040ca44ed2a}]
shell\Auto\command - K:\winlogon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winlogon.exe


======List of files/folders created in the last 1 months======

2009-06-07 09:34:09 ----D---- C:\rsit
2009-06-05 18:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-04 22:01:38 ----D---- C:\WINDOWS\system32\XPSViewer
2009-06-04 22:01:25 ----D---- C:\Program Files\MSBuild
2009-06-04 22:00:54 ----D---- C:\Program Files\Reference Assemblies
2009-06-04 21:52:47 ----D---- C:\WINDOWS\ie8updates
2009-06-04 21:49:16 ----HDC---- C:\WINDOWS\ie8
2009-05-17 14:24:59 ----A---- C:\WINDOWS\system32\AcroIEHelpe15.txt
2009-05-12 06:46:55 ----A---- C:\WINDOWS\system32\AcroIEHelpe14.txt
2009-05-10 15:02:38 ----A---- C:\WINDOWS\system32\AcroIEHelpe12.txt

======List of files/folders modified in the last 1 months======

2009-06-07 09:33:53 ----D---- C:\WINDOWS\Prefetch
2009-06-06 20:12:49 ----D---- C:\WINDOWS\system32\xmldm
2009-06-06 18:23:49 ----D---- C:\WINDOWS\temp
2009-06-06 16:59:18 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-06-06 15:56:21 ----A---- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-005B1102}.BAK
2009-06-06 15:56:08 ----D---- C:\WINDOWS\system32
2009-06-06 15:53:17 ----D---- C:\WINDOWS
2009-06-06 15:52:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-06 13:59:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-06 13:59:40 ----A---- C:\WINDOWS\bdagent.INI
2009-06-05 22:06:35 ----D---- C:\WINDOWS\system32\UAs
2009-06-05 21:59:05 ----RD---- C:\Program Files
2009-06-05 21:59:05 ----D---- C:\WINDOWS\system32\drivers
2009-06-05 21:58:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-05 21:28:02 ----D---- C:\WINDOWS\Help
2009-06-05 18:44:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-05 18:42:39 ----D---- C:\WINDOWS\inf
2009-06-05 18:41:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-04 23:56:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-04 23:55:56 ----RSD---- C:\WINDOWS\assembly
2009-06-04 23:47:19 ----SHD---- C:\WINDOWS\Installer
2009-06-04 23:47:19 ----D---- C:\Config.Msi
2009-06-04 23:44:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-04 23:43:58 ----D---- C:\WINDOWS\WinSxS
2009-06-04 23:32:52 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-06-04 23:32:52 ----A---- C:\WINDOWS\system32\nsysp.ini
2009-06-04 23:32:52 ----A---- C:\WINDOWS\system32\nsysk.ini
2009-06-04 23:32:52 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-06-04 23:32:49 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-04 23:32:49 ----A---- C:\WINDOWS\system32\nsysw.ini
2009-06-04 23:32:08 ----D---- C:\WINDOWS\system32\en-US
2009-06-04 23:32:07 ----D---- C:\WINDOWS\Media
2009-06-04 23:32:07 ----D---- C:\Program Files\Internet Explorer
2009-06-04 22:03:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-04 22:01:06 ----D---- C:\WINDOWS\Fonts
2009-06-04 21:52:56 ----A---- C:\WINDOWS\imsins.BAK
2009-06-04 21:52:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-01 08:40:04 ----A---- C:\WINDOWS\system32\AcroIEHelpe.txt
2009-05-31 13:17:59 ----HD---- C:\Documents and Settings\Administrator\Application Data\Corel
2009-05-30 15:43:48 ----D---- C:\WINDOWS\system32\cock
2009-05-30 02:09:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-29 11:40:19 ----D---- C:\WINDOWS\system32\wbem
2009-05-29 10:31:34 ----A---- C:\WINDOWS\lexstat.ini
2009-05-28 23:16:22 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-25 10:50:08 ----A---- C:\WINDOWS\system32\sysp.tmp
2009-05-25 10:50:08 ----A---- C:\WINDOWS\system32\sysk.tmp
2009-05-23 14:38:24 ----D---- C:\WINDOWS\system32\Macromed
2009-05-20 23:12:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-17 04:23:03 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\c:\program files\superantispyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 EvcapMaui;Emuzed EvcapMaui Device; C:\WINDOWS\System32\DRIVERS\EvcapMau.sys [2002-08-22 166784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-09-04 933850]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
R3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz129;cpuz129; \??\C:\Program Files\PC Wizard 2008\pcwiz32.sys []
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera; C:\WINDOWS\System32\Drivers\ubVeo532.sys [2002-07-01 95232]
S3 Jukebox3;Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [2006-01-19 17280]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-07 47360]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-04-13 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-24 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-03-28 303104]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-01-25 1179648]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-09-04 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-01-25 1261568]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-01-25 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-08 138680]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

----------------------------------------------------------------------------------------------------------------------------------------------------------------



info.txt logfile of random's system information tool 1.06 2009-06-07 09:34:15

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft ShowBiz-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Arcsoft\Showbiz\Uninst.isu"
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BitDefender Antivirus 2008-->MsiExec.exe /I{0DE20CB1-3E10-411F-A7ED-75C9E11D4CC8}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BrainBooster (remove only)-->K:\\uninstall.exe
ConvertXtoDVD 3.4.7.121-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Detto IntelliMover Demo-->MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
Diner Dash-->K:\PROGRA~1\PLAYFI~1\DINERD~1\UNWISE.EXE K:\PROGRA~1\PLAYFI~1\DINERD~1\INSTALL.LOG
Dominoes Deluxe-->C:\WINDOWS\uninst.exe -fC:\WinGames.Inc\DominoDX\DeIsL1.isu
FL Studio v7.0-->"K:\FL-7-xxl\unins000.exe"
Galapago-->"K:\Galapago\unins000.exe"
GemMaster 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4EDAE550-ACA5-4EF6-88BD-9F2B8BC2982D}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
hp center-->C:\WINDOWS\BWUnin-6.1.0.170.exe -AppId 137903
HP Digital Imaging Album Printing 1.0-->MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
hp toolkit-->c:\Windows\HPTK\unhptkit.exe
Imikimi Plugin 0.3.0-->MsiExec.exe /I{3E99B1F8-61B7-4317-AB38-855810CCE5C3}
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
InterVideo MP3 XPack-->"C:\Program Files\InstallShield Installation Information\{99755640-9633-11D5-AB3C-0050DAB311CC}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
iWin Games (remove only)-->"K:\iWin Games\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Jewel Quest 2 (remove only)-->"K:\Jewel Quest 2\Uninstall.exe"
Jewel Quest Solitaire (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Solitaire\Uninstall.exe"
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark X1100 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Mahjong Towers Eternity (remove only)-->"C:\Program Files\Mahjong Towers Eternity\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing 15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}\SETUP.EXE" -l0x9
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"K:\AOE_Game\UNINSTAL.EXE" /runtemp
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x9 -L0x9 /SMAINT
Mystery Case Files: Madame Fate (remove only)-->"C:\Program Files\Mystery Case Files - Madame Fate\Uninstall.exe"
Nancy Drew: Danger on Deception Island-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "K:\setup.exe" -l0x9
Nancy Drew: The Curse of Blackmoor Manor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "K:\Nancy Drew\The Curse of Blackmoor Manor\setup.exe" -l0x9
NOMAD Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9 /remove
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
Oasis-->K:\PROGRA~1\PLAYFI~1\DINERD~1\OASIS\UNWISE.EXE K:\PROGRA~1\PLAYFI~1\DINERD~1\OASIS\INSTALL.LOG
OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor for Windows-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Scholastic's I SPY Fantasy-->K:\PROGRA~1\SCHOLA~1\ISPYFA~1\UNWISE.EXE K:\PROGRA~1\SCHOLA~1\ISPYFA~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9
Space Rocks-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
Super Collapse! from GameHouse-->K:\PROGRA~1\GAMEHO~1\COLLAPSE\UNWISE.EXE /U K:\PROGRA~1\GAMEHO~1\COLLAPSE\INSTALL.LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Top Ten Solitaire-->"C:\Program Files\Top Ten Solitaire\Uninstall.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Storage R/W v1.14e057-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C00EC1DE-8FB6-4099-925E-BB03EC9F4557}\Setup.exe" -l0x9
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{E8E9A39C-6F70-4261-816F-2B2DE8F7BB13}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe

=====HijackThis Backups=====

O22 - SharedTaskScheduler: ceroxylon - {c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file) [2008-08-02]
O3 - Toolbar: Internet Service - {38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} - C:\Program Files\Applications\iebr.dll (file missing) [2008-08-02]
O15 - Trusted Zone: *.doginhispen.com [2008-08-02]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-08-02]
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing) [2008-08-02]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ [2008-08-02]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us6.hpwis.com/ [2008-08-02]
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe [2008-08-02]
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) [2008-08-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/ [2008-08-02]
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe" [2008-08-02]
O15 - Trusted Zone: *.whataboutadog.com [2008-08-02]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/ [2008-08-02]
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) [2008-08-03]
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe [2008-08-03]
O2 - BHO: (no name) - {F58FF278-2198-403b-9170-C95022A194C6} - (no file) [2008-08-03]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-08-03]
O3 - Toolbar: (no name) - {38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} - (no file) [2008-08-03]

======Hosts File======

127.0.0.1 localhost
::1 localhost
209.44.111.57 alarm-security.microsoft.com
209.44.111.57 inetantivir.com
209.44.111.57 www.inetantivir.com

======Security center information======

AV: Bitdefender Antivirus

======System event log======

Computer Name: ORTEGACLAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14569
Source Name: Tcpip
Time Written: 20090321235323.000000-360
Event Type: warning
User:

Computer Name: ORTEGACLAN
Event Code: 8
Message: Printer Lexmark X1100 Series was purged.

Record Number: 14521
Source Name: Print
Time Written: 20090318110830.000000-360
Event Type: warning
User: ORTEGACLAN\Administrator

Computer Name: ORTEGACLAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14520
Source Name: Tcpip
Time Written: 20090318104335.000000-360
Event Type: warning
User:

Computer Name: ORTEGACLAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14519
Source Name: Tcpip
Time Written: 20090318101500.000000-360
Event Type: warning
User:

Computer Name: ORTEGACLAN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040CA44ED2A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14513
Source Name: Dhcp
Time Written: 20090317154622.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: ORTEGACLAN
Event Code: 485
Message: wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 10991
Source Name: ESENT
Time Written: 20090118151822.000000-360
Event Type: error
User:

Computer Name: ORTEGACLAN
Event Code: 485
Message: wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 10990
Source Name: ESENT
Time Written: 20090118151822.000000-360
Event Type: error
User:

Computer Name: ORTEGACLAN
Event Code: 485
Message: wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 10989
Source Name: ESENT
Time Written: 20090118151822.000000-360
Event Type: error
User:

Computer Name: ORTEGACLAN
Event Code: 485
Message: wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 10988
Source Name: ESENT
Time Written: 20090118151822.000000-360
Event Type: error
User:

Computer Name: ORTEGACLAN
Event Code: 485
Message: wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 10987
Source Name: ESENT
Time Written: 20090118151822.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai
  • Local time:12:27 PM

Posted 08 June 2009 - 09:48 AM

Hello, plox3.
We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    Link 3
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 plox3

plox3
  • Topic Starter

  • Members
  • 32 posts
  • Location:TX
  • Local time:02:27 AM

Posted 08 June 2009 - 07:12 PM

Disabled av as advised. Here are the logs you requested. Thanks

ComboFix 09-06-07.07 - Administrator 06/08/2009 14:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1093 [GMT -6:00]
Running from: c:\documents and settings\administrator\desktop\combofix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Local Settings\Temp\IadHide3.dll
c:\program files\common files\bitdefender\bitdefender threat scanner\scan.dll
c:\windows\amufudoc.dll
c:\windows\azirifaduf.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\9129837_UAs001.dat
c:\windows\system32\UAs\9129837_UAs002.dat
c:\windows\system32\UAs\AcroRd32_UAs001.dat
c:\windows\system32\UAs\AdobeUpdater_UAs001.dat
c:\windows\system32\UAs\Download_UAs001.dat
c:\windows\system32\UAs\Download_UAs002.dat
c:\windows\system32\UAs\dwwin_UAs001.dat
c:\windows\system32\UAs\gom_UAs001.dat
c:\windows\system32\UAs\GrLauncher_UAs001.dat
c:\windows\system32\UAs\helpctr_UAs001.dat
c:\windows\system32\UAs\helpctr_UAs002.dat
c:\windows\system32\UAs\HelpHost_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\iexplore_UAs005.dat
c:\windows\system32\UAs\iexplore_UAs006.dat
c:\windows\system32\UAs\iexplore_UAs007.dat
c:\windows\system32\UAs\iexplore_UAs008.dat
c:\windows\system32\UAs\iexplore_UAs009.dat
c:\windows\system32\UAs\iexplore_UAs010.dat
c:\windows\system32\UAs\install[1]_UAs001.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\ld08_UAs001.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\mbam_UAs003.dat
c:\windows\system32\UAs\msn6_UAs001.dat
c:\windows\system32\UAs\rn_UAs001.dat
c:\windows\system32\UAs\setup_UAs001.dat
c:\windows\system32\UAs\setup_wm_UAs001.dat
c:\windows\system32\UAs\SoftwareUpdate_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs002.dat
c:\windows\system32\UAs\svchost_UAs001.dat
c:\windows\system32\UAs\svchost_UAs002.dat
c:\windows\system32\UAs\svchost_UAs003.dat
c:\windows\system32\UAs\svchost_UAs004.dat
c:\windows\system32\UAs\svchost_UAs005.dat
c:\windows\system32\UAs\SWHELP~1_UAs001.dat
c:\windows\system32\UAs\vsserv_UAs001.dat
c:\windows\system32\UAs\vsserv_UAs002.dat
c:\windows\system32\UAs\wmplayer_UAs001.dat
c:\windows\system32\UAs\wmplayer_UAs002.dat
c:\windows\system32\UAs\xpnetdiag_UAs001.dat
c:\windows\ynh.dx
D:\Desktop.ini
D:\resycled

Infected copy of c:\windows\system32\powrprof.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077213.dll

Infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077216.dll

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 21:01 . 2009-06-08 21:07 -------- d-----w- c:\windows\system32\UAs
2009-06-08 21:00 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-08 21:00 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-08 21:00 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-08 21:00 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-07 15:34 . 2009-06-07 15:34 -------- d-----w- C:\rsit
2009-06-05 17:49 . 2009-06-05 17:49 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-05 05:37 . 2009-06-05 05:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-05 05:35 . 2009-06-05 05:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-05 05:32 . 2009-06-05 05:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-05 04:01 . 2009-06-05 04:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-05 04:01 . 2009-06-05 04:01 -------- d-----w- c:\program files\MSBuild
2009-06-05 04:00 . 2009-06-05 04:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 03:52 . 2009-06-05 03:52 -------- d-----w- c:\windows\ie8updates
2009-06-05 03:52 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-05 03:49 . 2009-06-05 03:51 -------- dc-h--w- c:\windows\ie8
2009-06-03 01:23 . 2009-06-04 23:14 347 ----a-w- c:\windows\system32\urhtps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 21:06 . 2008-02-12 22:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-08 21:02 . 2007-01-23 21:58 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-005B1102}.dat
2009-06-08 21:02 . 2007-01-23 21:58 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-005B1102}.dat
2009-06-06 20:30 . 2009-03-24 01:55 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 05:32 . 2009-04-30 16:40 6394 ----a-w- c:\windows\system32\krncode.dat
2009-06-05 05:32 . 2009-04-30 16:40 20850 ----a-w- c:\windows\system32\wincode.dat
2009-06-05 05:32 . 2009-04-30 16:40 1575 ----a-w- c:\windows\system32\pwrcode.dat
2009-06-05 04:03 . 2008-12-28 21:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 19:17 . 2007-02-03 03:32 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Corel
2009-05-30 08:09 . 2008-12-28 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 08:09 . 2009-03-28 11:37 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 19:20 . 2008-12-28 00:22 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2008-12-28 00:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 16:50 . 2002-09-27 03:58 21504 ----a-w- c:\windows\system32\sysp.tmp
2009-05-25 16:50 . 2002-09-27 03:57 993792 ----a-w- c:\windows\system32\sysk.tmp
2009-05-13 03:31 . 2009-04-30 01:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\iTunes
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\iPod
2009-05-08 04:07 . 2007-09-15 04:00 -------- d-----w- c:\program files\Common Files\Apple
2009-05-08 04:00 . 2009-05-08 04:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 18:09 . 2009-04-30 18:09 112 ----a-w- c:\windows\system32\srvblck2.tmp
2009-04-24 13:43 . 2009-04-24 13:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 13:43 . 2007-03-20 23:02 -------- d-----w- c:\program files\Java
2009-04-24 13:43 . 2009-04-24 13:43 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 01:15 . 2008-08-08 00:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2009-04-14 15:20 . 2007-08-25 01:56 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2009-04-14 15:20 . 2007-08-09 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-13 20:11 . 2007-07-29 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 19:42 . 2008-12-06 15:42 -------- d-----w- c:\program files\Top Ten Solitaire
2009-03-28 02:54 . 2009-03-28 02:54 1991127 ----a-w- c:\windows\java\Packages\IENRTBFD.ZIP
2009-03-21 14:06 . 2009-04-30 16:40 989696 ----a-w- c:\windows\system32\osysk.dat
2009-03-19 22:32 . 2009-04-06 02:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 22:32 . 2009-03-19 22:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-15 17:26 . 2009-03-15 17:26 1262023 ----a-w- c:\windows\java\Packages\05NJD7VT.ZIP
2008-10-21 21:25 . 2008-10-21 21:25 0 ----a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-04 50176]
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"="c:\program files\USB Storage RW\shwicon.exe" [2002-07-04 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-25 368640]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-09-04 364544]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-03 24576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-9-16 16384]
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-11-15 2392064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-24 01:54 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"=
"c:\\Program Files\\USB Storage RW\\Shwicon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/1/2008 7:55 PM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [8/22/2002 3:54 AM 166784]
S3 cpuz129;cpuz129;\??\c:\program files\PC Wizard 2008\pcwiz32.sys --> c:\program files\PC Wizard 2008\pcwiz32.sys [?]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4321A997-5748-4B69-A76A-B7927E7AF8A2} - (no file)
BHO-{6ADFDA1B-502F-4DD0-889D-2A8BFA21B08F} - (no file)
BHO-{F241BAA6-9BA8-42B9-B82C-266DB1FE0B07} - (no file)
HKLM-Run-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2008\IEShow.exe
Notify-NavLogon - (no file)
Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = *.local;localhost;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
DPF: Addiction by pogo - hxxp://game3.pogo.com/v/9.0.3.12/applet/addiction/addiction-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/blackjack/blackjack-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game3.pogo.com/v/9.0.2.1/applet/bowling/bowling-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/chess2/chess2-en_US.cab
DPF: Command and Conquer Attack Copter by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/ccstrike/ccstrike-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes v2 by pogo - hxxp://game3.pogo.com/v/9.1.8.1/applet/domino2/domino2-en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/videopoker2/doubledeuce-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
DPF: Golf Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.8.1/applet/golfsolitaire/golfsolitaire-en_US.cab
DPF: Hangman Hijinks by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/hangman/hangman-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/v/8.1.6.21/applet/harvest/harvest-en_US.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/hearts/hearts-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/v/8.1.2.24/applet/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
DPF: KenoPop! by pogo - hxxp://game3.pogo.com/v/8.2.1.12/applet/speedkeno/speedkeno-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/mahjong2/mahjong2-en_US.cab
DPF: Mahjong Safari by Pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/safari/safari-en_US.cab
DPF: Makeover Madness by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: No-Limit Texas Hold'em by pogo - hxxp://game1.pogo.com/v/8.1.0.25/applet/allin/allin-en_US.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-8.0.9.33/penguins/penguins-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/waterwheel/waterwheel-en_US.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/flinger/flinger-en_US.cab
DPF: Pop Fu by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/popfu/popfu-en_US.cab
DPF: PoppaZoppa by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
DPF: Pseudoku by pogo - hxxp://game3.pogo.com/v/8.1.9.22/applet/pseudoku/pseudoku-en_US.cab
DPF: Quick Quack by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/hotstreak/hotstreak-en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
DPF: Scrabble by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
DPF: Shuffle Bump by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
DPF: Spider Solitaire by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/spider/spider-en_US.cab
DPF: Spooky Slots - hxxp://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
DPF: Squelchies by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/squelchies/squelchies-en_US.cab
DPF: Stax by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game3.pogo.com/v/8.1.6.21/applet/sweeper/sweeper-en_US.cab
DPF: Super Dominoes by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/sweettooth2/sweettooth2-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
DPF: Trivial Pursuit by pogo - hxxp://game3.pogo.com/v/9.1.5.22/applet/trivial/trivial-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/v/8.1.6.21/applet/tumbee2/tumbee2-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/memories/memories-en_US.cab
DPF: Word Whomp by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/whackdown/whackdown-en_US.cab
DPF: WordJong by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/wordjong/wordjong-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/worldclass/worldclass-en_US.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 15:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4063396754-157976077-2142333979-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,6d,6e,b8,38,43,86,4a,a2,39,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,6d,6e,b8,38,43,86,4a,a2,39,be,\

[HKEY_USERS\S-1-5-21-4063396754-157976077-2142333979-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,a1,bb,0d,12,8b,70,3a,af,75,dd,18,8f,54,3d,b5,48,30,53,9b,5f,e0,ee,
59,fd,b7,fd,2e,bb,04,ba,33,39,ba,8c,d3,1d,31,07,3e,c3,f3,07,80,43,5f,f7,28,\
"??"=hex:1e,53,84,b3,51,aa,f6,3a,5e,d5,ba,5b,f8,4e,b7,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\eHome\ehrec.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-08 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 21:17
ComboFix2.txt 2008-08-03 21:37

Pre-Run: 47,842,168,832 bytes free
Post-Run: 48,126,767,104 bytes free

349 --- E O F --- 2009-06-06 00:42
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:26 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\ehome\ehtray.exe
c:\program files\usb storage rw\shwicon.exe
c:\program files\bitdefender\bitdefender 2008\bdagent.exe
c:\program files\java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehmsas.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\hp center\137903\program\backweb-137903.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.3.12/applet/ad...ction-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/back...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fr...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbj...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/ca...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/applet/bow...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/v/8.1.1.13/applet/ch...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/8.1.7.44/applet/ch...hess2-en_US.cab
O16 - DPF: Command and Conquer Attack Copter by pogo - http://game1.pogo.com/applet-8.0.1.23/ccst...trike-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/che...dflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.1.8.1/applet/dom...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/vid...deuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fir...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/sup...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gol...taire-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ha...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ha...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.1.13/applet/he...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.2.24/applet/dr...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/applet/sp...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mhp...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.6.14/applet/lo...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ma...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.6.14/applet/sa...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.0.25/applet/al...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/pai...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.1.6.34/applet/fr...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.9.33/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wa...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/fl...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/po...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.1.9.22/applet/ps...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hot...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.6.3/applet/squ...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scr...abble-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/8.1.9.1/applet/spi...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/sp...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.2.0.14/applet/sq...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/8.1.6.21/applet/sw...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/swe...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sw...tooth-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mi...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.5.22/applet/tr...ivial-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.6.21/applet/tu...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/tu...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.2.0.14/applet/ml...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.7.14/applet/wo...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.7.20/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1230009687031
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 14179 bytes

#6 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 10 June 2009 - 10:20 AM

Hi!

Thanks for posting your log. I'm currently working on a fix and will post it up as soon as possible.

Edited by aommaster, 10 June 2009 - 01:41 PM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 10 June 2009 - 04:36 PM

Hello, plox3.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.




We need to run a Combofix script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    file::
    c:\windows\system32\urhtps.dat
    c:\windows\system32\krncode.dat
    c:\windows\system32\wincode.dat
    c:\windows\system32\pwrcode.dat
    c:\windows\system32\sysp.tmp
    c:\windows\system32\sysk.tmp
    c:\windows\system32\srvblck2.tmp
    c:\windows\system32\osysk.dat
    c:\program files\temp01
    
    reglock::
    [HKEY_USERS\S-1-5-21-4063396754-157976077-2142333979-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS]
    
    dds::
    uInternet Settings,ProxyOverride = *.local;localhost;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Now, drag and drop CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NEXT:

We need to run a Kaspersky Scan
  • Go to Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database --> Extended (if available otherwise Standard)
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
NEXT:

Please answer the following questions so I can better help you with the cleanup process:

Your combofix run shows that you've run combofix three times. Was there any reason why you did this?


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log
  • Kaspersky Log
  • Answers to my questions above

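As an added example (not part of this thread, and not code from HijackThis or ComboFix), the small Python triage script below reads HijackThis-format lines and flags the two entry types the CFScript in the post above deals with: a ProxyServer value that points at the local machine (the http=localhost:7171 line, which the dds:: section resets) and BHOs listed as "(no file)". The sample lines are copied from the HijackThis log earlier in this thread; the Finding type and the rules are this example's own.

```python
"""Triage a HijackThis log for the two indicators this thread's CFScript addresses.

Added example, not part of the thread and not code from HijackThis or ComboFix.
It reads HJT v2 log lines and flags:
  - R0/R1 ProxyServer entries pointing at the local machine (the
    http=localhost:7171 line in the thread): browser traffic is being relayed
    through a process on the infected PC, which is what the dds:: section of
    the CFScript resets;
  - O2 BHO entries whose DLL is "(no file)": orphaned browser helper objects.
The sample lines are copied from the HijackThis log in this thread; the
Finding type and the rules are this example's own.
"""
import re
from dataclasses import dataclass

# Hosts that mean "this machine" in a proxy setting.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Sample input: a constructed subset of the HijackThis log posted above.
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost;<local>",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll",
    r'O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"',
])


@dataclass
class Finding:
    code: str    # HJT entry type, e.g. "R1" or "O2"
    reason: str  # why a responder would look at this line first
    line: str    # the original log line


def parse_entry(line):
    """Split an HJT entry such as 'O2 - BHO: ...' into ('O2', 'BHO: ...').

    Returns None for header lines and anything else that is not an entry.
    """
    m = re.match(r"^([RFNO]\d{1,2}) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def local_proxy_hosts(value):
    """Return the hosts in a ProxyServer value that point back at this machine.

    The value is either 'host:port' or a ';'-separated list of 'proto=host:port'
    entries, which is how Internet Explorer stores it.
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        target = part.split("=", 1)[1] if "=" in part else part
        if target.startswith("["):                      # bracketed IPv6, e.g. [::1]:7171
            host = target[1:target.find("]")]
        elif target.count(":") == 1:                    # host:port
            host = target.rsplit(":", 1)[0]
        else:                                           # bare host (no port)
            host = target
        host = host.lower()
        if host in LOCAL_HOSTS or host.startswith("127."):
            hosts.append(host)
    return hosts


def triage(log_text):
    """Return the Findings for the suspicious entries in an HJT log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, rest = parsed
        if code in ("R0", "R1") and "Internet Settings,ProxyServer" in rest:
            # rest looks like 'HKCU\...\Internet Settings,ProxyServer = http=localhost:7171';
            # the first '=' separates the setting name from its value.
            value = rest.split("=", 1)[1].strip()
            hosts = local_proxy_hosts(value)
            if hosts:
                findings.append(Finding(
                    code,
                    "proxy points at the local machine (%s); a local process "
                    "is intercepting browser traffic" % ", ".join(hosts),
                    raw))
        elif code == "O2" and rest.endswith("(no file)"):
            findings.append(Finding(
                code, "BHO is registered but its DLL is missing (orphaned entry)", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s: %s\n    %s" % (f.code, f.reason, f.line))
```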


#8 plox3

  • Topic Starter
  • Members
  • 32 posts
  • Location:TX

Posted 11 June 2009 - 07:43 PM

Hello
Sorry for the delay. I've reviewed the options. I think I'll choose to clean, re-install. Only thing is I never received a copy (disc) of the OS when I bought my PC. I think the back up is on D drive. The PC is mostly for daily use. The kids don't use the laptop, so no sensitive info on the infected system. I will post the logs as soon as completed. As for the prior ComboFix runs, I do have 2 previous logs on the PC, from a previous virus. Will provide if needed; I have a file where I saved them for some reason. I think I can still find the post on here.

Thanks for the help.

#9 plox3

  • Topic Starter
  • Members
  • 32 posts
  • Location:TX

Posted 11 June 2009 - 10:23 PM

I began ComboFix around 7:45; the blue box appeared, scanned, then restarted. The monitor has been black ever since: the reboot started, then the screen went blank. I do recall seeing the "identifying drives or -er" screen. I left it alone till you advise the next step.

#10 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 12 June 2009 - 09:26 AM

Hi!

Okay please do the following:
  • Do a cold shutdown. That is, switch the computer off. Pull out the plug to make sure there's no electric supply to it, and keep it that way for ~2 minutes.
  • Replug the electricity and boot up the computer.
  • Start booting up in normal mode and please post any error messages that come up.
  • If the bootup fails, please boot into safe mode



#11 plox3

  • Topic Starter
  • Members
  • 32 posts
  • Location:TX

Posted 13 June 2009 - 12:55 AM

Hi,
I shut down, unplugged, booted up; ComboFix completed the log, will post. I didn't run the Kaspersky scan yet. I am not connected to the internet. I have been transferring logs & fixes with a jump drive. Am I to connect to the internet to run the scan? I'm going to wait until you reply. I have disabled my antivirus.



ComboFix 09-06-07.07 - Administrator 06/11/2009 19:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1117 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\program files\temp01"
"c:\windows\system32\krncode.dat"
"c:\windows\system32\osysk.dat"
"c:\windows\system32\pwrcode.dat"
"c:\windows\system32\srvblck2.tmp"
"c:\windows\system32\sysk.tmp"
"c:\windows\system32\sysp.tmp"
"c:\windows\system32\urhtps.dat"
"c:\windows\system32\wincode.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\Administrator\Local Settings\Temp\IadHide3.dll
.
---- Previous Run -------
.
c:\program files\temp01
c:\windows\system32\krncode.dat
c:\windows\system32\osysk.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\srvblck2.tmp
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\UAs
c:\windows\system32\urhtps.dat
c:\windows\system32\wincode.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-08 21:00 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-08 21:00 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-08 21:00 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-08 21:00 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-07 15:34 . 2009-06-07 15:34 -------- d-----w- C:\rsit
2009-06-05 17:49 . 2009-06-05 17:49 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-05 05:37 . 2009-06-05 05:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-05 05:35 . 2009-06-05 05:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-05 05:32 . 2009-06-05 05:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-05 04:01 . 2009-06-05 04:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-05 04:01 . 2009-06-05 04:01 -------- d-----w- c:\program files\MSBuild
2009-06-05 04:00 . 2009-06-05 04:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 03:52 . 2009-06-05 03:52 -------- d-----w- c:\windows\ie8updates
2009-06-05 03:52 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-05 03:49 . 2009-06-05 03:51 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 05:04 . 2008-02-12 22:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-12 01:56 . 2007-01-23 21:58 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-005B1102}.dat
2009-06-12 01:56 . 2007-01-23 21:58 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-005B1102}.dat
2009-06-10 01:00 . 2007-02-05 04:44 90568 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 20:30 . 2009-03-24 01:55 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 04:03 . 2008-12-28 21:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 19:17 . 2007-02-03 03:32 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Corel
2009-05-30 08:09 . 2008-12-28 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 08:09 . 2009-03-28 11:37 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 19:20 . 2008-12-28 00:22 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2008-12-28 00:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-13 03:31 . 2009-04-30 01:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\iTunes
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\iPod
2009-05-08 04:07 . 2007-09-15 04:00 -------- d-----w- c:\program files\Common Files\Apple
2009-05-08 04:00 . 2009-05-08 04:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-24 13:43 . 2009-04-24 13:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 13:43 . 2007-03-20 23:02 -------- d-----w- c:\program files\Java
2009-04-24 13:43 . 2009-04-24 13:43 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 01:15 . 2008-08-08 00:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2009-04-14 15:20 . 2007-08-25 01:56 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2009-04-14 15:20 . 2007-08-09 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-28 02:54 . 2009-03-28 02:54 1991127 ----a-w- c:\windows\java\Packages\IENRTBFD.ZIP
2009-03-19 22:32 . 2009-04-06 02:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 22:32 . 2009-03-19 22:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-15 17:26 . 2009-03-15 17:26 1262023 ----a-w- c:\windows\java\Packages\05NJD7VT.ZIP
.

------- Sigcheck -------

[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$NtUninstallKB917422_0$\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\system32\kernel32.dll
[-] 2009-06-05 05:32 993792 6FBFABC74A14F44F0DB3A6147944915F c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_21.07.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-13 01:32 . 2009-06-13 05:03 40960 c:\windows\temp\rtdrvmon.exe
- 2009-06-08 21:06 . 2009-06-08 21:06 40960 c:\windows\temp\rtdrvmon.exe
+ 2009-06-13 01:32 . 2009-06-13 01:32 16384 c:\windows\temp\Perflib_Perfdata_5ac.dat
+ 2009-06-13 05:03 . 2009-06-13 05:03 16384 c:\windows\temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-04 50176]
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"="c:\program files\USB Storage RW\shwicon.exe" [2002-07-04 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-25 368640]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-09-04 364544]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-03 24576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-9-16 16384]
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-11-15 2392064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-24 01:54 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"=
"c:\\Program Files\\USB Storage RW\\Shwicon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/1/2008 7:55 PM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [8/22/2002 3:54 AM 166784]
S3 cpuz129;cpuz129;\??\c:\program files\PC Wizard 2008\pcwiz32.sys --> c:\program files\PC Wizard 2008\pcwiz32.sys [?]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
DPF: Addiction by pogo - hxxp://game3.pogo.com/v/9.0.3.12/applet/addiction/addiction-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/blackjack/blackjack-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game3.pogo.com/v/9.0.2.1/applet/bowling/bowling-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/chess2/chess2-en_US.cab
DPF: Command and Conquer Attack Copter by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/ccstrike/ccstrike-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes v2 by pogo - hxxp://game3.pogo.com/v/9.1.8.1/applet/domino2/domino2-en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/videopoker2/doubledeuce-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
DPF: Golf Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.8.1/applet/golfsolitaire/golfsolitaire-en_US.cab
DPF: Hangman Hijinks by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/hangman/hangman-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/v/8.1.6.21/applet/harvest/harvest-en_US.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/hearts/hearts-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/v/8.1.2.24/applet/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
DPF: KenoPop! by pogo - hxxp://game3.pogo.com/v/8.2.1.12/applet/speedkeno/speedkeno-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/mahjong2/mahjong2-en_US.cab
DPF: Mahjong Safari by Pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/safari/safari-en_US.cab
DPF: Makeover Madness by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: No-Limit Texas Hold'em by pogo - hxxp://game1.pogo.com/v/8.1.0.25/applet/allin/allin-en_US.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-8.0.9.33/penguins/penguins-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/waterwheel/waterwheel-en_US.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/flinger/flinger-en_US.cab
DPF: Pop Fu by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/popfu/popfu-en_US.cab
DPF: PoppaZoppa by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
DPF: Pseudoku by pogo - hxxp://game3.pogo.com/v/8.1.9.22/applet/pseudoku/pseudoku-en_US.cab
DPF: Quick Quack by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/hotstreak/hotstreak-en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
DPF: Scrabble by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
DPF: Shuffle Bump by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
DPF: Spider Solitaire by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/spider/spider-en_US.cab
DPF: Spooky Slots - hxxp://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
DPF: Squelchies by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/squelchies/squelchies-en_US.cab
DPF: Stax by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game3.pogo.com/v/8.1.6.21/applet/sweeper/sweeper-en_US.cab
DPF: Super Dominoes by pogo - hxxp://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/sweettooth2/sweettooth2-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
DPF: Trivial Pursuit by pogo - hxxp://game3.pogo.com/v/9.1.5.22/applet/trivial/trivial-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/v/8.1.6.21/applet/tumbee2/tumbee2-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/memories/memories-en_US.cab
DPF: Word Whomp by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/whackdown/whackdown-en_US.cab
DPF: WordJong by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/wordjong/wordjong-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/worldclass/worldclass-en_US.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 23:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ehTray"="c:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"="\"c:\\Program Files\\USB Storage RW\\shwicon.exe\" -t\"KYE Electronics Corp.\\USB Storage R/W v1.14e057\""
"WINDVDPatch"="CTHELPER.EXE"
"Adobe Reader Speed Launcher"="\"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"BDAgent"="\"c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe\""
"StorageGuard"="\"c:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"QuickTime Task"="\"c:\\program files\\quicktime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"iTunesHelper"="\"c:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4063396754-157976077-2142333979-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,a1,bb,0d,12,8b,70,3a,af,75,dd,18,8f,54,3d,b5,48,30,53,9b,5f,e0,ee,
59,fd,b7,fd,2e,bb,04,ba,33,39,ba,8c,d3,1d,31,07,3e,c3,f3,07,80,43,5f,f7,28,\
"??"=hex:1e,53,84,b3,51,aa,f6,3a,5e,d5,ba,5b,f8,4e,b7,6e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-13 23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 05:15
ComboFix2.txt 2009-06-08 21:18
ComboFix3.txt 2008-08-03 21:37

Pre-Run: 48,094,969,856 bytes free
Post-Run: 48,085,147,648 bytes free

305 --- E O F --- 2009-06-06 00:42

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 13 June 2009 - 04:45 AM

Hi!

Yes, you can now use this computer to connect to the internet. Please run the Kaspersky scan and post me the logs.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 plox3

plox3
  • Topic Starter

  • Members
  • 32 posts
  • Location:TX

Posted 13 June 2009 - 02:01 PM

Hi
I ran the scans. Here is the Kaspersky log & the new HJT log. I posted the ComboFix log & hopefully answered your questions. If you need more details just let me know. When I run HJT I only scan & copy the log; I don't check & fix anything. Have I been wrong by doing this or not?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:57 PM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.3.12/applet/ad...ction-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/back...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fr...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbj...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/ca...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/applet/bow...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/v/8.1.1.13/applet/ch...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/8.1.7.44/applet/ch...hess2-en_US.cab
O16 - DPF: Command and Conquer Attack Copter by pogo - http://game1.pogo.com/applet-8.0.1.23/ccst...trike-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/che...dflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.1.8.1/applet/dom...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/vid...deuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fir...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/sup...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gol...taire-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ha...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ha...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.1.13/applet/he...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.2.24/applet/dr...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.2.4.6/applet/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/applet/sp...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mhp...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.6.14/applet/lo...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.8.20/applet/ma...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.6.14/applet/sa...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.0.25/applet/al...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/pai...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.1.6.34/applet/fr...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.9.33/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wa...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/fl...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/po...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/po...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.1.9.22/applet/ps...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hot...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.6.3/applet/squ...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scr...abble-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/8.1.9.1/applet/spi...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/sp...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.2.0.14/applet/sq...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/8.1.6.21/applet/sw...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/swe...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sw...tooth-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mi...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.5.22/applet/tr...ivial-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.6.21/applet/tu...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/tu...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.2.0.14/applet/ml...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.7.14/applet/wo...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.7.20/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.2.0.14/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1230009687031
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 14132 bytes
----------------------------------------------------------------------------------------------------------------------------------------------------------------


KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, June 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 13, 2009 15:54:45
Records in database: 2339119


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned: 100436
Threat names: 7
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 03:25:06

File name Threat name Threats count
C:\Program Files\BadgeHelp\AutoLotto\AutoLotto.Exe Infected: Trojan.Win32.Buzus.aysh 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077303.ini Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077304.ini Infected: Trojan.Win32.Patched.gl 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077305.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077306.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077312.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077331.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077334.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077335.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077340.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077343.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077355.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077356.dll Infected: Trojan.Win32.Patched.gl 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077358.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077361.dll Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077362.dll Infected: Trojan.Win32.Patched.gl 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0078313.dll Infected: Trojan-Banker.Win32.Banker.ahhl 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0078326.exe Infected: Net-Worm.Win32.Koobface.io 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0082470.exe Infected: Trojan.Win32.Inject.abjo 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0082859.dll Infected: Trojan-PSW.Win32.Delf.dqz 1

The selected area was scanned.
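A small triage script for the Kaspersky report above, added here as an example (it is not from this thread and not a Kaspersky tool): it parses the `Infected:` lines, separates hits on live files from hits inside System Restore snapshots (`System Volume Information\_restore{...}\RP<n>\`), and tallies malware families. The two regular expressions are my assumptions about the report's line layout; the sample lines are a subset copied from the report on this page, not a new scan. Run as-is it shows that only one detection (AutoLotto.Exe under Program Files) is an active file, while the restore-point entries are archived copies of files that have already been replaced, which is why helpers normally have System Restore purged at the end of a cleanup rather than treating those as live infections.

```python
import re
from collections import Counter

# Constructed input: a subset of the detection lines from the Kaspersky Online
# Scanner 7.0 report posted above, in the report's own line layout.
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Program Files\BadgeHelp\AutoLotto\AutoLotto.Exe Infected: Trojan.Win32.Buzus.aysh 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0077303.ini Infected: Trojan.Win32.Patched.gk 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0078326.exe Infected: Net-Worm.Win32.Koobface.io 1

C:\System Volume Information\_restore{DE805C04-9CD7-4873-814B-E8833D193441}\RP188\A0082859.dll Infected: Trojan-PSW.Win32.Delf.dqz 1

The selected area was scanned.
"""

# Assumed line layout: <path> Infected: <threat name> <count>.  The path is
# matched lazily so that a path containing spaces (Program Files, System Volume
# Information) still ends exactly before the "Infected:" marker.
DETECTION = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# System Restore keeps copies of replaced files under
# <drive>\System Volume Information\_restore{GUID}\RP<n>\.  A hit there is a
# snapshot of an old file, not something loaded on the running system.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


def parse_detections(report):
    """Return one dict per 'Infected:' line; header, blank and trailer lines are skipped."""
    hits = []
    for raw in report.splitlines():
        m = DETECTION.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        hits.append({
            "path": path,
            "threat": m["threat"],
            "count": int(m["count"]),
            "in_restore_point": bool(RESTORE_POINT.search(path)),
        })
    return hits


def family(threat):
    """Kaspersky names are <Type>.<Platform>.<Family>.<variant>; return the family."""
    parts = threat.split(".")
    return parts[2] if len(parts) >= 3 else threat


def triage(report):
    """Split detections into live files (need action now) and restore-point copies
    (cleared by purging System Restore once the machine is clean)."""
    hits = parse_detections(report)
    live = [h for h in hits if not h["in_restore_point"]]
    archived = [h for h in hits if h["in_restore_point"]]
    return {
        "live": live,
        "restore_point": archived,
        "families": Counter(family(h["threat"]) for h in hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Live files needing action:")
    for h in result["live"]:
        print("  ", h["threat"], h["path"])
    print("Restore-point copies:", len(result["restore_point"]))
    print("Families seen:", dict(result["families"]))
```

Paste the full report into `SAMPLE_REPORT` to triage all 20 entries; the family tally is what you would hand to a helper to decide whether a banker or worm component was ever live, since the type prefix (Trojan-Banker, Net-Worm, Trojan-PSW) says more about required follow-up than the variant suffix does.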

#14 plox3 (Topic Starter)

Posted 13 June 2009 - 02:04 PM

Oh, I also noticed that once I connected to the internet I had updates ready to install. Should I update or not?

#15 aommaster (Malware Response Team)

Posted 13 June 2009 - 02:18 PM

Hi

> When I run HJT I only scan & copy the log, I don't check & fix anything. Have I been wrong by doing this or not?

Yes, that's perfect. I'll let you know when an entry needs to be fixed.

> Oh, I also noticed that once I connected to the internet I had updates ready to install. Should I update or not?

We're almost done cleaning up your computer, just a few more things need to be done. Once your computer is clean, I'll let you know and you can go wild with the updates :)

Please give me a while to get my fix approved by a coach.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
