Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected w/seyomaju,kupirire,kedohudu trojans


  • This topic is locked This topic is locked
21 replies to this topic

#1 BSTrue

BSTrue

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 09 November 2009 - 03:38 PM

Hi, Our computer is constantly displaying pop-ups while online(firefox). They keep popping up and after closing each one, after a couple, I get a message saying Internet Explorer had to close because of problems(I'm not using IE though, I'm using Firefox)They are preventing us from getting through to certain sites, also. It takes so long for the page to load, that it times out the connection.

I have followed the prep guide for posting, but the step where I make a report with rootrepeal makes my computer restart. I can get as far as the point where I tell it what to scan(C:/) when I hit the start scan button, it shows a quick list of entries, then they disappear and the rootrepeal gives me a message,Please wait, initializing... But it freezes there and after a minute or so makes the computer restart.

Avast found C:\windows\system32\seyomaju.DLL, C:\windows\system32\kupirire.DLL which I moved to chest, but I'm sure they're still lurking about...

Here is what I have so far...

DDS (Ver_09-10-26.01) - NTFSx86
Run by Brenda at 6:53:37.32 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1371 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 091108-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exeAttached File  Attach.txt   15.72KB   6 downloads
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe
C:\WINDOWS\system32\lxdvcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brenda\Desktop\dds.scr
__________________________________________________

I also have a hijjack this log if you want to see it.

What do I do next, oh wise Computer Ones?

Thanks, Brenda

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 AM

Posted 15 November 2009 - 06:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 15 November 2009 - 09:13 AM

Hi, I first contacted you guys because we knew we were infected by something that was creating IE popups (while we in Firefox) , and page redirects and very slow loading of pgs.
Here's what has been happening since my first post:
I ran Avast and while scanning it detected something that prompted it to request a boot time scan, so I did. It found the dreaded Vundo among other things. It deleted a bunch of stuff, but things were still showing up on hijack this scans, and malwarebytes scans. I kept scanning and deleting the offending files where I could, and did some research on Bleeping computers as to how you had instructed other victims of Vundo to proceed.

I downloaded combofix and ran that in safe mode, it caught a bacdor and some rootkit and deleted it. I couldn't get rootrepeal to scan, it would crash my comp. right when I clicked the begin scan C/D drives. (I have a combo fix log from that scan, I only ran combofix once)

Then,I would run the malwarebytes and Avast alternately until it didn't catch anything. (BTW, we disconnected from the internet after getting the AV programs, then did all the scans)

So right now, we seemed to have cleared up the problem, :( we are using the internet without any popups or redirects, and our speed is back up to normal, but I would appreciate it if you would look at my logs and tell me if we missed anything that might be lurking there. We don't use our comp. for any online banking, but occasionally we buy something online thru PP or Vsa.

Thanks, Brenda

Here is my DDS log

Attached Files



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 15 November 2009 - 10:30 AM

Hello, BSTrue
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Please post back with the content of C:\Combofix.txt, also please do this:


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 15 November 2009 - 08:41 PM

Here are the combofix and GMER logs as you requested. The gmer had a notice at the end that there was evidence of rootkit activity.
What next?....

Attached File  ComboFix.txt   31.61KB   16 downloads





Attached File  gmer.log   4.15KB   14 downloads


-Brenda-

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 16 November 2009 - 03:41 PM

Hi,

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 November 2009 - 03:55 PM

Here is the result of the RSIT scan...

Attached File  info.txt   27.2KB   6 downloads

and

Attached File  log.txt   33.5KB   1 downloads

-Brenda-

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 16 November 2009 - 03:58 PM

Hi,

Please do not attach the logfiles, just post it here in your thread, thank you :(.


RootRepeal - Rootkit Detector


Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Clickthe Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 November 2009 - 04:16 PM

Hi, I've begun the scan, but I think it may freeze up the computer. I tried this scan at the beginning of my contact with bleeping computers, because I followed the directions for posting for the first time. After I check off the
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
and then tell it to scan the C: and D: drives, I click on scan and it shows a green prog bar for a second, thenthe green bar disappears and it Reads,"Initializing, please wait...."
but if I click anywhere on the window bar it reads,"not responding". the computer will probably shut down and reboot soon (that's what happened before.)

:( what next?

-Brenda-

#10 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 November 2009 - 04:18 PM

Yes, Its frozen up.....

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 16 November 2009 - 04:45 PM

Ok, try this:


Please download Sysprot Antirootkit from here

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 November 2009 - 05:14 PM

Here is the sysprotantirootkit log:
I am disabling Avast and disabling my internet connection during scans.
-Brenda-

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 380
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 504
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 516
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 800
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 916
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1000
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1372
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1408
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1452
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1480
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvserv.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lxdvcoms.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 1608
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 1824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 1896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 376
Hidden: No
Window Visible: No

Name: C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\Program Files\QuickTime\QTTask.exe
PID: 948
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 2292
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 2304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2516
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 2600
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2656
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2952
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 3432
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 3516
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Brenda\Desktop\SysProt\SysProt.exe
PID: 2080
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Brenda\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A44FD000
Module End: A4508000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CD600
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806CE000
Module End: 806EE380
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: B85A8000
Module End: B85AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: B84B8000
Module End: B84BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B7F79000
Module End: B7FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: B85AA000
Module End: B85AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B7F68000
Module End: B7F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: B80A8000
Module End: B80B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: B80B8000
Module End: B80C7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: B80C8000
Module End: B80D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: B8670000
Module End: B8671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: B8328000
Module End: B832F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: B80D8000
Module End: B80E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B7F49000
Module End: B7F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: B8330000
Module End: B8335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: B80E8000
Module End: B80F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B7F31000
Module End: B7F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fasttx2k.sys
Service Name: fasttx2k
Module Base: B7F0E000
Module End: B7F31000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: B7EF6000
Module End: B7F0E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nvata.sys
Service Name: nvata
Module Base: B7EDD000
Module End: B7EF6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: B80F8000
Module End: B8101000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: B8108000
Module End: B8115000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B7EBE000
Module End: B7EDD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B7EAC000
Module End: B7EBE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: B8118000
Module End: B8127000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: B8338000
Module End: B833D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B7E95000
Module End: B7EAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B7E08000
Module End: B7E95000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B7DDB000
Module End: B7E08000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B7DC0000
Module End: B7DDB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\gagp30kx.sys
Service Name: gagp30kx
Module Base: B8128000
Module End: B8134000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B64AF000
Module End: B6C12000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B649B000
Module End: B64AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B6487000
Module End: B649B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Service Name: MTsensor
Module Base: B8606000
Module End: B8608000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: B8168000
Module End: B8175000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\PS2.sys
Service Name: Ps2
Module Base: B8400000
Module End: B8406000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: B8408000
Module End: B840E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: B8178000
Module End: B8188000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: B7D80000
Module End: B7D84000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: B8410000
Module End: B8415000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B6464000
Module End: B6487000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B8418000
Module End: B841F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B8188000
Module End: B8193000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B8198000
Module End: B81A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B81A8000
Module End: B81B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B6441000
Module End: B6464000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: B8420000
Module End: B8426000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B641C000
Module End: B6441000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: B853C000
Module End: B8540000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: B63D2000
Module End: B641C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Service Name: ---
Module Base: B639B000
Module End: B63D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: B81B8000
Module End: B81C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: B86E3000
Module End: B86E4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: B81C8000
Module End: B81D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B8540000
Module End: B8543000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B6384000
Module End: B639B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: B81D8000
Module End: B81E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B81E8000
Module End: B81F4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: B8428000
Module End: B842D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B6373000
Module End: B6384000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B81F8000
Module End: B8201000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: B8430000
Module End: B8435000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: B8438000
Module End: B843D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B8208000
Module End: B8212000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: B8440000
Module End: B8446000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: B860E000
Module End: B8610000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B633F000
Module End: B6373000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B854C000
Module End: B8550000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B82A8000
Module End: B82B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B7811000
Module End: B7820000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: B8646000
Module End: B8648000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Service Name: ADIHdAudAddService
Module Base: B264B000
Module End: B2671000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B2627000
Module End: B264B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B82E8000
Module End: B82F7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AEAudio.sys
Service Name: AEAudioService
Module Base: B2607000
Module End: B2627000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Senfilt.sys
Service Name: SenFiltService
Module Base: B25A7000
Module End: B2607000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: B8388000
Module End: B838D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: B866E000
Module End: B8670000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: B87D4000
Module End: B87D5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: B85AC000
Module End: B85AE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: B83B0000
Module End: B83B6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: B85AE000
Module End: B85B0000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: B85B0000
Module End: B85B2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: B83B8000
Module End: B83BD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: B83C0000
Module End: B83C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B7D88000
Module End: B7D8B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AE385000
Module End: AE398000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AE32D000
Module End: AE385000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: B2DBB000
Module End: B2DC6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AE305000
Module End: AE32D000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AE2E3000
Module End: AE305000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B2DAB000
Module End: B2DB4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srvkp.sys
Service Name: SiSkp
Module Base: B3655000
Module End: B3659000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AE2B8000
Module End: AE2E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AE221000
Module End: AE290000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B2D8B000
Module End: B2D94000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AE200000
Module End: AE221000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B2D7B000
Module End: B2D84000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B3635000
Module End: B3638000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B2D6B000
Module End: B2D74000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: B83D0000
Module End: B83D7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B3631000
Module End: B3634000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: AE1DF000
Module End: AE200000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: B83E0000
Module End: B83E5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A57AE000
Module End: A57D1000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_nvata.sys
Service Name: ---
Module Base: A5795000
Module End: A57AE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B862E000
Module End: B8630000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: A69B8000
Module End: A69BB000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: AE40C000
Module End: AE411000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: A61A0000
Module End: A61A1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: AADA2000
Module End: AADAA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B31D5000
Module End: B31D9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: A4EB9000
Module End: A4ECF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A4DEC000
Module End: A4E19000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A4D4A000
Module End: A4D9C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A4CE5000
Module End: A4CFA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B77E1000
Module End: B77F0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: A60C5000
Module End: A60D5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A4665000
Module End: A46A6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: A46D2000
Module End: A46D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A43AE000
Module End: A43D8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: B83F8000
Module End: B83FF000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: AE1E76B8
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: AE1E7574
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey
Address: AE1E7A52
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: AE1E714C
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenKey
Address: AE1E764E
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: AE1E708C
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: AE1E70F0
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryValueKey
Address: AE1E776E
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: AE1E772E
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey
Address: AE1E78AE
Driver Base: AE1DF000
Driver End: AE200000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KITCHENPC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: KITCHENPC:5152
Remote Address: LOCALHOST:1042
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: KITCHENPC:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: KITCHENPC:1034
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: KITCHENPC:10098
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\lxdvcoms.exe
State: LISTENING

Local Address: KITCHENPC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KITCHENPC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KITCHENPC:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: KITCHENPC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KITCHENPC:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KITCHENPC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KITCHENPC:53084
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KITCHENPC:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KITCHENPC:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KITCHENPC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KITCHENPC:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Joey's Games\Application Data\SecuROM\UserData\???????????p????????
Status: Hidden

Object: C:\Documents and Settings\Joey's Games\Application Data\SecuROM\UserData\???????????p???????????
Status: Hidden

Object: C:\Documents and Settings\Joey's Games\Application Data\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Documents and Settings\Joey's Games\Application Data\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Documents and Settings\Joey's Games\My Documents\Downloads\Capitulum Quintum, Indic. et Vocat..doc
Status: Hidden

Object: C:\Documents and Settings\Joey's Games\Recent\Capitulum Quintum, Indic. et Vocat..lnk
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}
Status: Access denied

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 17 November 2009 - 02:09 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile, also please post back with a fresh RSIT-Logfile.

How is your system running?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 BSTrue

BSTrue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 17 November 2009 - 05:48 PM

Hi, Everything seems to be running good. I haven't had any pop ups or redirects and the computers speed is back to where it was.
Here are the requested logs, how do they look?

Malwarebytes' Anti-Malware 1.41
Database version: 3189
Windows 5.1.2600 Service Pack 2

11/17/2009 4:36:53 PM
mbam-log-2009-11-17 (16-36-53).txt

Scan type: Quick Scan
Objects scanned: 152302
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


**************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brenda at 2009-11-17 16:42:30
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 30 GB (16%) free of 185 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:30 PM, on 11/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe
C:\WINDOWS\system32\lxdvcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Brenda\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brenda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=eng
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware1\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBCGIOME - Unknown owner - C:\DOCUME~1\Brenda\LOCALS~1\Temp\EBCGIOME.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: HXNNO - Unknown owner - C:\DOCUME~1\Brenda\LOCALS~1\Temp\HXNNO.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IEEMLS - Unknown owner - C:\DOCUME~1\Brenda\LOCALS~1\Temp\IEEMLS.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe
O23 - Service: MF - Unknown owner - C:\DOCUME~1\Brenda\LOCALS~1\Temp\MF.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8457 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware1\mbam.exe [2009-09-10 1312080]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-05 180269]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdvamon]
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe [2007-11-02 25256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdvmon.exe]
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe [2007-11-02 455336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Documents and Settings\Joey's Games\Desktop\New Folder\Malwarebytes' Anti-Malware\3z6tXMrRD.exe /runcleanupscript []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
SiSPower.dll,ModeAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-04 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-05 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey's Games^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2
"Fax"=3
"Apple Mobile Device"=2

C:\Documents and Settings\Brenda\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [2009-08-26 16680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\shadowjoey\half-life\hl.exe"="C:\Program Files\Steam\steamapps\shadowjoey\half-life\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\shadowjoey\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\shadowjoey\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\shadowjoey\zombie panic! source\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\zombie panic! source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"="C:\Program Files\Lexmark X5400 Series\lxdvamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark X5400 Series\frun.exe"="C:\Program Files\Lexmark X5400 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"="C:\Program Files\Lexmark X5400 Series\lxdvmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\lxdvcoms.exe"="C:\WINDOWS\system32\lxdvcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Steam\steamapps\shadowjoey\age of chivalry\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre1.5.0\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Steam\steamapps\shadowjoey\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\shadowjoey\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Red Alert 2 Yuri's Revenge\gamemd.exe"="C:\Program Files\Red Alert 2 Yuri's Revenge\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Steam\steamapps\shadowjoey\team fortress classic\hl.exe"="C:\Program Files\Steam\steamapps\shadowjoey\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\shadowjoey\dystopia\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\dystopia\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\shadowjoey\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\shadowjoey\opposing force\hl.exe"="C:\Program Files\Steam\steamapps\shadowjoey\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\shadowjoey\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\shadowjoey\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2009-11-16 14:48:10 ----D---- C:\rsit
2009-11-14 22:18:18 ----D---- C:\parasite
2009-11-14 20:51:59 ----D---- C:\found.000
2009-11-14 18:12:50 ----D---- C:\MENTAL
2009-11-13 22:33:00 ----D---- C:\Program Files\Easy Music Composer Free
2009-11-12 21:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 21:26:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware1
2009-11-11 17:56:42 ----A---- C:\WINDOWS\zip.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\SWSC.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\SWREG.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\sed.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\PEV.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\MBR.exe
2009-11-11 17:56:42 ----A---- C:\WINDOWS\grep.exe
2009-11-11 17:56:27 ----D---- C:\WINDOWS\ERDNT
2009-11-11 17:54:48 ----D---- C:\Qoobox
2009-11-10 17:38:30 ----D---- C:\Documents and Settings\Brenda\Application Data\Malwarebytes
2009-11-10 07:09:16 ----D---- C:\!KillBox
2009-11-09 11:21:06 ----D---- C:\Program Files\Cobian Backup 8
2009-11-08 14:04:08 ----D---- C:\VundoFix Backups
2009-11-08 14:04:08 ----A---- C:\VundoFix.txt
2009-11-08 13:43:54 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-08 13:36:35 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 13:36:20 ----D---- C:\Program Files\Lavasoft
2009-11-08 13:36:20 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-08 13:15:15 ----D---- C:\Program Files\mb
2009-11-08 13:11:51 ----D---- C:\Program Files\Trend Micro
2009-11-08 13:03:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-08 13:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-30 09:28:12 ----D---- C:\Program Files\Isotope244 Graphics
2009-10-23 18:41:05 ----D---- C:\Games
2009-10-21 16:28:38 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-21 16:27:51 ----D---- C:\Program Files\iPod
2009-10-21 16:27:45 ----D---- C:\Program Files\iTunes
2009-10-21 16:27:45 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 16:27:18 ----D---- C:\Program Files\Bonjour
2009-10-21 16:26:29 ----D---- C:\Program Files\QuickTime
2009-10-21 16:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-21 16:25:52 ----D---- C:\Program Files\Apple Software Update
2009-10-21 16:25:23 ----D---- C:\Program Files\Common Files\Apple
2009-10-21 16:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 1 months======

2009-11-17 16:38:36 ----D---- C:\WINDOWS\Prefetch
2009-11-17 16:30:51 ----D---- C:\WINDOWS\system32\drivers
2009-11-17 16:30:36 ----D---- C:\WINDOWS\Temp
2009-11-17 16:27:25 ----D---- C:\Program Files\Mozilla Firefox
2009-11-17 16:27:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-17 09:47:19 ----SD---- C:\WINDOWS\Tasks
2009-11-17 09:38:33 ----D---- C:\Documents and Settings\Brenda\Application Data\gtk-2.0
2009-11-16 22:39:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-16 22:22:26 ----D---- C:\WINDOWS\system32
2009-11-15 15:14:08 ----D---- C:\WINDOWS
2009-11-15 15:14:08 ----A---- C:\WINDOWS\system.ini
2009-11-15 15:05:53 ----D---- C:\WINDOWS\AppPatch
2009-11-15 15:05:48 ----D---- C:\Program Files\Common Files
2009-11-15 14:02:31 ----D---- C:\Program Files\Steam
2009-11-15 11:28:56 ----D---- C:\HammerAutosave
2009-11-13 22:33:00 ----D---- C:\Program Files
2009-11-13 12:35:58 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-12 21:00:47 ----HD---- C:\WINDOWS\inf
2009-11-12 21:00:41 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-12 09:38:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-12 09:23:29 ----RASH---- C:\boot.ini
2009-11-12 09:23:29 ----A---- C:\WINDOWS\win.ini
2009-11-11 21:19:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-11 18:27:04 ----D---- C:\WINDOWS\system32\config
2009-11-11 17:57:02 ----SHD---- C:\System Volume Information
2009-11-11 17:57:02 ----D---- C:\WINDOWS\system32\Restore
2009-11-08 19:37:58 ----D---- C:\WINDOWS\pss
2009-11-08 13:38:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-08 13:36:35 ----SHD---- C:\WINDOWS\Installer
2009-11-08 13:36:35 ----D---- C:\Config.Msi
2009-11-04 06:44:40 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 06:44:31 ----D---- C:\WINDOWS\ie8updates
2009-11-03 22:14:40 ----D---- C:\Fraps
2009-11-03 21:35:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-01 06:09:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-30 08:44:02 ----D---- C:\Program Files\WeGame
2009-10-23 16:02:37 ----D---- C:\Program Files\SystemRequirementsLab
2009-10-23 14:56:54 ----D---- C:\Program Files\Pivot Stickfigure Animator
2009-10-22 03:19:04 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 09:05:33 ----D---- C:\Documents and Settings\Brenda\Application Data\U3
2009-10-20 05:12:56 ----D---- C:\WINDOWS\Help
2009-10-19 11:16:03 ----D---- C:\Documents and Settings\Brenda\Application Data\AdobeUM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-01-04 13184]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-30 12928]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Brenda\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 rootre;rootre; \??\C:\WINDOWS\system32\drivers\rootre.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-01-04 239104]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-08 1179232]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-03-17 38912]
R2 lxdv_device;lxdv_device; C:\WINDOWS\system32\lxdvcoms.exe [2007-10-18 594600]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe [2007-10-18 98984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-17 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EBCGIOME;EBCGIOME; C:\DOCUME~1\Brenda\LOCALS~1\Temp\EBCGIOME.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe [2009-08-26 16680]
S3 HXNNO;HXNNO; C:\DOCUME~1\Brenda\LOCALS~1\Temp\HXNNO.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 IEEMLS;IEEMLS; C:\DOCUME~1\Brenda\LOCALS~1\Temp\IEEMLS.exe []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 MF;MF; C:\DOCUME~1\Brenda\LOCALS~1\Temp\MF.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
**************************************************

info.txt logfile of random's system information tool 1.06 2009-11-17 16:42:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Afraid of Monsters: Director's Cut v1.0-->c:\program files\steam\steamapps\shadowjoey\half-life\AoMDC\uninstaomdc.exe
Age of Chivalry-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17510
Agere Systems PCI Soft Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Desktop Destroyer 3D Screensaver Free-->C:\Documents and Settings\Joey's Games\Desktop\Desktop Destroyer\uninst.exe
Download Manager 2.3.9-->C:\Program Files\Download Manager\uninst.exe
Dystopia-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17580
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GCFScape 1.7.3-->"C:\Program Files\GCFScape\unins000.exe"
GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GoToAssist Corporate-->C:\Program Files\Citrix\GoToAssist\570\G2AUninstaller.exe /uninstall
Half-Life : Red Alert (ep.1 demo)-->MsiExec.exe /I{027A831B-3DC1-42B6-9AD8-B1A9CACA1A65}
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life Decay PC 1.0-->"c:\program files\steam\SteamApps\shadowjoey\half-life\decay\unins000.exe"
Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70
Half-Mind-->"C:\Program Files\Steam\steamapps\SourceMods\Half-Mind\unins000.exe"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet All-In-One Series-->C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzscr01.exe -datfile hpwscr20.dat -forcereboot
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Jailbreak Source v0.4.1-->"C:\Program Files\Steam\steamapps\SourceMods\Jailbreak\unins000.exe"
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Left 4 Dead 2 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/590
Lexmark X5400 Series-->C:\Program Files\Lexmark X5400 Series\Install\x86\Uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware1\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Natural Selection 3.2-->"c:\program files\steam\steamapps\shadowjoey\half-life\unins000.exe"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\setup.exe" -l0x9 -removeonly
Nightmare House Final-->c:\program files\steam\steamapps\shadowjoey\half-life 2\hl2\maps\uninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opposing Force-->"C:\Program Files\Steam\steam.exe" steam://uninstall/50
Perfect Dark: Source Beta 1.1730-->"c:\program files\steam\SteamApps\SourceMods\pdark\unins000.exe"
Point Of View 1.1-->C:\PROGRAM FILES\STEAM\STEAMAPPS\SHADOWJOEY\HALF-LIFE\Uninstal.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Adobe Photoshop Album 2.0 Starter Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Adobe_PhotoShop_Album\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Source SDK Base - Orange Box-->"C:\Program Files\Steam\steam.exe" steam://uninstall/218
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK-->"C:\Program Files\Steam\steam.exe" steam://uninstall/211
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sven Co-op 4.0B-->C:\WINDOWS\unvise32.exe c:\program files\steam\steamapps\shadowjoey\half-life\SvenCoop\uninstal.log
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934}
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
TortoiseSVN 1.6.3.16613 (32 bit)-->MsiExec.exe /X{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Valve Hammer Editor-->C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeGame Client Public Beta 1.1.6-->"C:\Program Files\WeGame\unins000.exe"
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.5.1-->"C:\Program Files\YouTube Downloader\uninstall.exe"
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

=====HijackThis Backups=====

O20 - AppInit_DLLs: c:\windows\system32\dokanisu.dll kedohugu.dll c:\windows\system32\delidubu.dll [2009-11-09]
O20 - AppInit_DLLs: c:\windows\system32\seyomaju.dll,kupirire.dll [2009-11-10]
O20 - AppInit_DLLs: kupirire.dll [2009-11-10]
O4 - HKLM\..\Run: [wujayejed] Rundll32.exe "c:\windows\system32\seyomaju.dll",a [2009-11-10]
O20 - AppInit_DLLs: kupirire.dll [2009-11-10]
O20 - AppInit_DLLs: kupirire.dll [2009-11-10]
O20 - AppInit_DLLs: kupirire.dll [2009-11-10]
O4 - HKUS\S-1-5-21-1149640134-3749747486-1088642774-1015\..\Run: [wujayejed] Rundll32.exe "c:\windows\system32\delidubu.dll",a (User 'Shaun') [2009-11-11]

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 091117-1]

======System event log======

Computer Name: KITCHENPC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 19200
Source Name: Service Control Manager
Time Written: 20091028000150.000000-300
Event Type: error
User:

Computer Name: KITCHENPC
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 19194
Source Name: W32Time
Time Written: 20091027195407.000000-300
Event Type: warning
User:

Computer Name: KITCHENPC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 19162
Source Name: Service Control Manager
Time Written: 20091027061616.000000-300
Event Type: error
User:

Computer Name: KITCHENPC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 19131
Source Name: Service Control Manager
Time Written: 20091027052503.000000-300
Event Type: error
User:

Computer Name: KITCHENPC
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 19125
Source Name: W32Time
Time Written: 20091026210904.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: KITCHENPC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 86
Source Name: MsiInstaller
Time Written: 20090727190823.000000-300
Event Type: warning
User: KITCHENPC\Joey's Games

Computer Name: KITCHENPC
Event Code: 1517
Message: Windows saved user KITCHENPC\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 70
Source Name: Userenv
Time Written: 20090727172201.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KITCHENPC
Event Code: 1517
Message: Windows saved user KITCHENPC\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40
Source Name: Userenv
Time Written: 20090619094901.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KITCHENPC
Event Code: 1517
Message: Windows saved user KITCHENPC\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 26
Source Name: Userenv
Time Written: 20090619092842.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KitchenPC
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 1
Source Name: Windows Product Activation
Time Written: 20090619111234.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"vproject"=c:\program files\steam\steamapps\shadowjoey\half-life 2\hl2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

-Brenda-

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:57 AM

Posted 18 November 2009 - 01:47 PM

Hi,


Looks good :(



Step 1

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.





Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt







Step 3

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet are a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.






Please post back with:
  • ESET-Logfile
  • Fresh RSIT-Logfile

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users