
can't run spybot - rsit log


#1 GiovanniB

Posted 15 September 2009 - 05:45 AM

Hi everybody,
I'm new to the forum and I hope I'm posting in the right place. I searched the forum but could not find anything. I have a problem on my dad's Windows Vista PC. Using one of the administrator users I can't run Spybot. Also, the internet connection locks up after a while and a restart is needed. NOD32 anti-virus is active and working.
So I tried RSIT and I have the following log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Paolo at 2009-09-15 12:25:56
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 256 GB (55%) free of 467 GB
Total RAM: 3325 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.27.21, on 15/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Paolo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paolo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paolo\Downloads\RSIT.exe
C:\Program Files\trend micro\Paolo.exe
C:\Users\Paolo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paolo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paolo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/11
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornito da Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SD4DF.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [\\192.168.1.1\StylusDX8400] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SCB4D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [agewuek] "c:\users\paolo\appdata\local\agewuek.exe" agewuek
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{A337C947-FBB0-44B5-A8D6-BA35575DE813}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Servizio di Google Update (gupdate1c9d18621817d58) (gupdate1c9d18621817d58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7285 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228024920-3221458151-2488606690-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228024920-3221458151-2488606690-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228024920-3221458151-2488606690-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228024920-3221458151-2488606690-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"EPSON Stylus DX4800 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304]
"\\192.168.1.1\StylusDX8400"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-09-24 1447168]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-22 133656]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
"TomTomHOME.exe"=C:\Programmi\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"agewuek"=c:\users\paolo\appdata\local\agewuek.exe agewuek []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\Users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-02-03 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-04-22 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a479dda-f237-11dd-bef4-806e6f6e6963}]
shell\AutoRun\command - E:\avvio.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d951ff62-f9d3-11dd-8946-002170162b6a}]
shell\AutoRun\command - L:\InstallTomTomHOME.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-09-15 12:26:00 ----D---- C:\Program Files\trend micro
2009-09-15 12:25:56 ----D---- C:\rsit
2009-09-10 02:14:34 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 02:14:34 ----A---- C:\Windows\system32\mf.dll
2009-09-10 02:14:16 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 02:14:16 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 02:14:16 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 02:14:16 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 02:14:15 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 02:14:15 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 02:14:15 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 02:14:15 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 02:14:15 ----A---- C:\Windows\system32\finger.exe
2009-09-10 02:14:00 ----A---- C:\Windows\system32\jscript.dll
2009-09-10 02:13:54 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 02:13:54 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 02:13:54 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 02:13:54 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-07 08:00:04 ----D---- C:\ProgramData\pdf995
2009-09-07 08:00:04 ----A---- C:\Windows\system32\pdfmona.dll
2009-09-07 08:00:04 ----A---- C:\Windows\system32\pdf995mon.dll
2009-09-07 08:00:03 ----D---- C:\Program Files\pdf995
2009-09-06 16:01:24 ----D---- C:\Program Files\MATLAB
2009-09-04 11:57:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-04 11:57:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-03 14:50:27 ----D---- C:\Program Files\InfraRecorder
2009-09-03 00:06:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-03 00:06:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 20:15:23 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-09-02 20:15:23 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-09-02 20:15:23 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-09-02 20:15:22 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-09-02 20:15:22 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-09-02 20:15:21 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-09-02 20:15:20 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-09-02 20:15:20 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-09-02 20:15:20 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-09-02 20:15:20 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-09-02 20:15:19 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-09-02 20:15:18 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-09-02 20:15:18 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-09-02 20:15:18 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-09-02 20:15:18 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-09-02 20:15:18 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-09-02 20:15:17 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-09-02 20:15:16 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-09-02 20:15:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-09-02 20:15:16 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-09-02 20:15:16 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-09-02 20:15:16 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-09-02 20:15:13 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-09-02 20:15:12 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-09-02 20:15:12 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-09-02 20:15:11 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-09-02 20:15:11 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-09-02 20:15:10 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-09-02 20:15:10 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-09-02 20:15:10 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\xinput1_3.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-09-02 20:15:09 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-09-02 20:15:08 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-09-02 20:15:08 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-09-02 20:15:08 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-09-02 20:15:08 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-09-02 20:15:08 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-09-02 20:15:07 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-09-02 20:15:07 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-09-02 20:15:07 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-09-02 20:15:07 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-09-02 20:15:07 ----A---- C:\Windows\system32\d3dx10.dll
2009-09-02 20:15:06 ----A---- C:\Windows\system32\xinput1_2.dll
2009-09-02 20:15:06 ----A---- C:\Windows\system32\xinput1_1.dll
2009-09-02 20:15:06 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-09-02 20:15:06 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-09-02 20:15:06 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-09-02 20:15:03 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-09-02 20:15:02 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-09-02 20:15:01 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-09-02 20:13:49 ----HD---- C:\Windows\msdownld.tmp
2009-09-02 20:13:48 ----D---- C:\Windows\system32\directx
2009-09-02 20:13:44 ----D---- C:\Program Files\Telltale Games
2009-09-02 13:12:09 ----D---- C:\Program Files\uTorrent
2009-09-02 12:32:44 ----D---- C:\Program Files\7-Zip
2009-09-02 12:29:51 ----D---- C:\Program Files\Microsoft SQL Server
2009-09-02 12:25:36 ----D---- C:\Program Files\Microsoft.NET
2009-09-02 12:25:17 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-09-02 12:25:17 ----D---- C:\Program Files\Common Files\Merge Modules
2009-09-02 12:25:16 ----D---- C:\ProgramData\Microsoft Help
2009-09-02 12:23:49 ----D---- C:\Program Files\Microsoft SDKs
2009-08-31 19:54:24 ----A---- C:\Windows\system32\javaws.exe
2009-08-31 19:54:24 ----A---- C:\Windows\system32\javaw.exe
2009-08-31 19:54:24 ----A---- C:\Windows\system32\java.exe
2009-08-27 15:57:11 ----A---- C:\Windows\system32\tzres.dll
2009-08-13 02:20:47 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 02:20:46 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 02:20:46 ----A---- C:\Windows\system32\schannel.dll
2009-08-13 02:20:46 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 02:20:46 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 02:20:45 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 02:20:45 ----A---- C:\Windows\system32\lsass.exe
2009-08-13 02:20:33 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 02:20:32 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 02:20:32 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 02:20:31 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-13 02:20:31 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 02:20:29 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 02:20:24 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 02:20:22 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 02:20:20 ----A---- C:\Windows\system32\atl.dll
2009-08-07 18:47:45 ----A---- C:\Windows\system32\mshtml.dll
2009-08-07 18:47:43 ----A---- C:\Windows\system32\ieframe.dll
2009-08-07 18:47:42 ----A---- C:\Windows\system32\iertutil.dll
2009-08-07 18:47:41 ----A---- C:\Windows\system32\wininet.dll
2009-08-07 18:47:41 ----A---- C:\Windows\system32\urlmon.dll
2009-08-07 18:47:41 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-07 18:47:40 ----A---- C:\Windows\system32\occache.dll
2009-08-07 18:47:40 ----A---- C:\Windows\system32\ieui.dll
2009-08-07 18:47:40 ----A---- C:\Windows\system32\iepeers.dll
2009-08-07 18:47:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\msfeedssync.exe
2009-08-07 18:47:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-07 18:47:39 ----A---- C:\Windows\system32\iesysprep.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\iesetup.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\iernonce.dll
2009-08-07 18:47:39 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-23 19:32:00 ----D---- C:\Windows\CheckSur
2009-07-22 17:15:42 ----A---- C:\Users\Paolo\AppData\Roaming\DataSafeDotNet.exe
2009-07-17 15:57:31 ----D---- C:\Windows\Minidump
2009-07-15 19:44:57 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 19:44:57 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 19:44:57 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 19:44:57 ----A---- C:\Windows\system32\atmfd.dll
2009-06-27 19:53:26 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-27 19:53:26 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-27 19:53:26 ----A---- C:\Windows\system32\icardie.dll
2009-06-27 19:53:26 ----A---- C:\Windows\system32\admparse.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\msls31.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\inseng.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\imgutil.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-27 19:53:25 ----A---- C:\Windows\system32\corpol.dll
2009-06-27 19:53:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-27 19:53:24 ----A---- C:\Windows\system32\wextract.exe
2009-06-27 19:53:24 ----A---- C:\Windows\system32\webcheck.dll
2009-06-27 19:53:24 ----A---- C:\Windows\system32\mstime.dll
2009-06-27 19:53:24 ----A---- C:\Windows\system32\msrating.dll
2009-06-27 19:53:24 ----A---- C:\Windows\system32\ieakui.dll
2009-06-27 19:53:24 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-27 19:53:23 ----A---- C:\Windows\system32\vbscript.dll
2009-06-27 19:53:23 ----A---- C:\Windows\system32\url.dll
2009-06-27 19:53:23 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-27 19:53:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-27 19:53:23 ----A---- C:\Windows\system32\advpack.dll
2009-06-27 19:53:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-27 19:53:22 ----A---- C:\Windows\system32\mshta.exe
2009-06-27 19:53:22 ----A---- C:\Windows\system32\iexpress.exe
2009-06-27 19:53:21 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-27 19:53:21 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-27 19:53:21 ----A---- C:\Windows\system32\PDMSetup.exe

======List of files/folders modified in the last 3 months======

2009-09-15 12:27:15 ----D---- C:\Windows\Prefetch
2009-09-15 12:27:07 ----D---- C:\Windows\Temp
2009-09-15 12:26:00 ----RD---- C:\Program Files
2009-09-15 12:15:11 ----D---- C:\Windows\Tasks
2009-09-15 11:23:16 ----SHD---- C:\System Volume Information
2009-09-15 10:35:22 ----D---- C:\Windows\System32
2009-09-15 10:35:22 ----D---- C:\Windows\inf
2009-09-15 10:35:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-15 10:31:39 ----D---- C:\ProgramData\Google Updater
2009-09-14 23:45:27 ----D---- C:\Windows\system32\catroot2
2009-09-14 23:05:48 ----D---- C:\Users\Paolo\AppData\Roaming\uTorrent
2009-09-11 00:13:49 ----D---- C:\Windows\winsxs
2009-09-11 00:09:00 ----D---- C:\Windows\rescache
2009-09-10 23:52:13 ----D---- C:\Windows\system32\it-IT
2009-09-10 23:52:13 ----D---- C:\Windows\system32\drivers
2009-09-10 23:11:35 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 17:09:45 ----SHD---- C:\Windows\Installer
2009-09-10 17:08:45 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-10 16:17:18 ----D---- C:\Windows\system32\catroot
2009-09-10 16:17:11 ----D---- C:\Program Files\Windows Mail
2009-09-10 16:16:48 ----D---- C:\Windows\ehome
2009-09-07 08:00:04 ----HD---- C:\ProgramData
2009-09-07 08:00:04 ----D---- C:\Windows
2009-09-06 17:35:28 ----D---- C:\ProgramData\Rosetta Stone
2009-09-06 16:58:34 ----D---- C:\Program Files\Rosetta Stone
2009-09-06 16:21:50 ----RSD---- C:\Windows\assembly
2009-09-05 19:37:00 ----D---- C:\Windows\system32\Tasks
2009-09-03 00:38:52 ----D---- C:\Program Files\WinRAR
2009-09-03 00:36:33 ----D---- C:\Windows\AppPatch
2009-09-02 20:14:58 ----D---- C:\Windows\Microsoft.NET
2009-09-02 20:13:48 ----D---- C:\Windows\Logs
2009-09-02 14:26:53 ----D---- C:\ProgramData\Adobe
2009-09-02 14:26:52 ----D---- C:\Program Files\Common Files\Adobe
2009-09-02 12:28:18 ----SD---- C:\ProgramData\Microsoft
2009-09-02 12:25:17 ----D---- C:\Program Files\Common Files
2009-09-02 12:07:08 ----D---- C:\DELL
2009-09-02 12:04:40 ----D---- C:\Program Files\Dell
2009-09-02 12:00:30 ----SHD---- C:\$Recycle.Bin
2009-09-02 11:59:29 ----RD---- C:\Users
2009-09-01 15:05:27 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-01 15:05:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-31 19:54:23 ----D---- C:\Program Files\Java
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-28 09:09:34 ----D---- C:\Users\Paolo\AppData\Roaming\Skype
2009-08-28 08:04:45 ----D---- C:\Users\Paolo\AppData\Roaming\skypePM
2009-08-28 03:00:23 ----D---- C:\Program Files\Internet Explorer
2009-08-27 21:22:20 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-27 17:57:55 ----D---- C:\Windows\system32\WDI
2009-08-27 16:49:42 ----D---- C:\Windows\system32\config
2009-08-27 16:49:36 ----D---- C:\Windows\system32\spool
2009-08-27 16:49:36 ----D---- C:\Windows\system32\Msdtc
2009-08-27 16:49:35 ----D---- C:\Windows\system32\wbem
2009-08-27 16:49:35 ----D---- C:\Windows\registration
2009-08-13 03:01:37 ----D---- C:\Program Files\Windows Media Player
2009-08-08 03:05:55 ----D---- C:\Windows\system32\migration
2009-07-25 05:23:00 ----A---- C:\Windows\system32\deploytk.dll
2009-07-22 17:23:39 ----SD---- C:\Users\Paolo\AppData\Roaming\Microsoft
2009-06-27 19:58:49 ----D---- C:\Windows\system32\en-US
2009-06-27 19:58:49 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-09-24 53256]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-09-24 34312]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-09-24 39944]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-24 3151872]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
R3 usbaudio;Driver audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 a06x2cky;a06x2cky; C:\Windows\system32\drivers\a06x2cky.sys []
S3 drmkaud;Decodificatore audio DRM del kernel Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-04-22 2016256]
S3 MSKSSRV;Proxy di servizio di flusso Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy clock di flusso Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy di gestione qualità di flusso Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-24 3151872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-24 610304]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-09-24 468224]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
S2 gupdate1c9d18621817d58;Servizio di Google Update (gupdate1c9d18621817d58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-09-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-12 655624]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-03 16680]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------

In particular I could not find any information about the entry:

O4 - HKCU\..\Run: [agewuek] "c:\users\paolo\appdata\local\agewuek.exe" agewuek

Any idea?
Thank you
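A defender-side triage of the Run entries in a log like the one above, added here as an example (it is not from the post, nor from RSIT or HijackThis). It parses both formats the log uses (the HijackThis-style `O4` lines and the `"name"=path [date size]` lines of the registry dump) and scores each entry on the signals an analyst would weigh for the `agewuek` entry: a path in a user-writable location with no vendor folder, the value name, file name and argument all being the same token, and an empty `[]` bracket, which is assumed here to mean RSIT could not read the file's date and size.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the Run entries as they appear in the posted log, in both
# formats RSIT emits (HijackThis-style "O4" lines and the "Registry dump"
# "name"=path [date size] lines). Paths and names are copied from the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [agewuek] "c:\users\paolo\appdata\local\agewuek.exe" agewuek
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Google Update"=C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
"agewuek"=c:\users\paolo\appdata\local\agewuek.exe agewuek []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK[\w\\-]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
RSIT_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# Executable path (optionally quoted) followed by whatever arguments remain.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?(?P<args>.*)$', re.IGNORECASE)


@dataclass
class AutorunEntry:
    source: str              # "O4" (HijackThis section) or "RSIT" (registry dump)
    name: str                # registry value name
    path: str                # executable path as written in the value
    args: str                # remaining command-line arguments
    meta: Optional[str]      # RSIT "[date size]" content; None for O4 lines
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def parse_entries(text: str) -> List[AutorunEntry]:
    """Extract Run entries from both log formats; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            source, name, cmd, meta = "O4", m["name"], m["cmd"], None
        else:
            m = RSIT_RE.match(line)
            if not m:
                continue
            source, name, cmd, meta = "RSIT", m["name"], m["cmd"], m["meta"]
        exe = EXE_RE.match(cmd)
        if not exe:
            continue  # not an .exe launcher (rundll32 etc.); out of scope here
        entries.append(AutorunEntry(source, name, exe["path"], exe["args"].strip(), meta))
    return entries


def score_entry(e: AutorunEntry) -> AutorunEntry:
    """Add a point per weak signal, two for the strong one, and record why."""
    p = e.path.lower()
    stem = p.rsplit("\\", 1)[-1][:-4]          # file name without ".exe"

    def hit(reason: str, weight: int) -> None:
        e.reasons.append(reason)
        e.score += weight

    if any(marker in p for marker in ("\\users\\", "\\appdata\\", "\\temp\\")):
        hit("runs from a user-writable location", 1)
    if re.search(r"\\(appdata\\local|appdata\\roaming|temp)\\[^\\]+$", p):
        hit("sits directly under AppData/Temp with no vendor folder", 1)
    if e.name.lower() == stem and e.args.lower() == stem:
        hit("value name, file name and argument are the same token", 1)
    # Assumption: RSIT prints an empty [] when it could not read the file's
    # date and size, which is what the posted agewuek line shows.
    if e.meta is not None and e.meta.strip() == "":
        hit("RSIT recorded no date/size for the file", 2)
    return e


def score_all(text: str) -> List[AutorunEntry]:
    return [score_entry(e) for e in parse_entries(text)]


def triage(text: str, threshold: int = 3) -> List[AutorunEntry]:
    """Entries worth a closer look, strongest first."""
    flagged = [e for e in score_all(text) if e.score >= threshold]
    return sorted(flagged, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.source}] {e.name}: score {e.score}")
        for r in e.reasons:
            print("   -", r)
```

The score is a ranking aid, not a verdict: Google Update also lives under the user profile and earns one point, which is why a single weak signal is never enough to flag an entry.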

#2 pwgib

Posted 30 September 2009 - 09:25 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 teacup61

Posted 07 October 2009 - 09:45 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?