RSIT report and Info Settings report


  • This topic is locked
12 replies to this topic

#1 nascar_guy

  • Members
  • 10 posts
  • Gender:Male

Posted 11 December 2009 - 01:14 PM

On advice from Garmanma, I am posting the RSIT log report, as I tried to run the DDS report and it failed multiple times to generate a report... many thanks for all the help.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/11 01:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FCE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B18000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA999C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\curslib.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\curslib.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\wincert.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config
Status: Invisible to the Windows API!

Path: C:\Program Files\Dell\Media Experience\IAPCSDK\win
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\Adobe\TypeSpt\Unicode\Mappings\win
Status: Invisible to the Windows API!

Path: C:\Program Files\InterActual\InterActual Player\Patches\artisan10000017000024000008t2x\win
Status: Invisible to the Windows API!

Path: C:\Program Files\InterActual\InterActual Player\Patches\artisan10000017000024000008t2x2\win
Status: Invisible to the Windows API!

Path: C:\Program Files\InterActual\InterActual Player\Patches\artisan10000017000024000010t2x\win
Status: Invisible to the Windows API!

Path: C:\Program Files\InterActual\InterActual Player\Patches\artisan10000017000024000010t2x2\win
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\co
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Anna Jones\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Anna Jones\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Anna Jones\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Anna Jones\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\config
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\HTML\config
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf73d2a1c

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf73e7cde

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf73e7ed0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf73d2c10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf73d2cb6

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf73d290c

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7407d60

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf73d2e52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf73d4b30

==EOF==

Logfile of random's system information tool 1.06 (written by random/random)
Run by user1 at 2009-12-11 11:34:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (77%) free of 73 GB
Total RAM: 1014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:53 AM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user1\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\user1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [yebotuyat] Rundll32.exe "c:\windows\system32\dugiwise.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\user1\ntuser.dll,_IWMPEvents@0
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1260402372234
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCB2E23-0223-4271-B9D7-90281A2DE670}: NameServer = 209.209.192.10,209.209.192.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DFB7909-52CB-475C-8568-07170F5C4A72}: NameServer = 209.209.192.10,209.209.192.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDBDC92C-EF7B-4C67-A327-AB53EF0C545A}: NameServer = 193.104.110.38,4.2.2.1,206.255.119.249 204.174.16.4 204.174.18.2
O21 - SSODL: ravirimed - {8445d5fa-55a6-476d-9cc3-3b72fc3be8a9} - (no file)
O21 - SSODL: tigagiwek - {b82ff52a-0997-4f26-a296-5888b73b6973} - (no file)
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {8445d5fa-55a6-476d-9cc3-3b72fc3be8a9} - (no file)
O22 - SharedTaskScheduler: gahurihor - {b82ff52a-0997-4f26-a296-5888b73b6973} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11209 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\jottwckw.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (USER_1-user1).job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-09-19 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-09-19 1172280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe []
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe []
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [2006-11-07 1121280]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-06-05 169472]
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-06-19 333960]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-06 94208]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"yebotuyat"=c:\windows\system32\dugiwise.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Microsoft Location Finder"=C:\Program Files\Microsoft Location Finder\LocationFinder.exe [2005-08-24 101080]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"calc"=C:\DOCUME~1\user1\ntuser.dll,_IWMPEvents@0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe [2006-06-05 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\gtb.exe [2006-02-22 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2005-09-08 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe [2005-09-08 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
C:\Program Files\Intuit\QuickBooks 2005\AtomQBReminder.exe [2004-11-11 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-06-05 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2004-11-11 806912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickBooks 2001 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe

C:\Documents and Settings\user1\Start Menu\Programs\Startup
scandisk.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
ravirimed - {8445d5fa-55a6-476d-9cc3-3b72fc3be8a9}
tigagiwek - {b82ff52a-0997-4f26-a296-5888b73b6973}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004}
tokatiluy - {8445d5fa-55a6-476d-9cc3-3b72fc3be8a9}
gahurihor - {b82ff52a-0997-4f26-a296-5888b73b6973}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-11 11:34:42 ----D---- C:\rsit
2009-12-11 11:34:42 ----D---- C:\Program Files\trend micro
2009-12-11 02:04:42 ----A---- C:\RootRepeal report 12-11-09 (02-04-42).txt
2009-12-10 12:39:11 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-10 12:39:11 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-09 19:35:55 ----A---- C:\WINDOWS\unvise32.exe
2009-12-09 19:35:30 ----D---- C:\Program Files\Registry Patrol
2009-12-09 19:13:09 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-12-09 19:13:08 ----D---- C:\Program Files\RegCure
2009-12-09 18:37:45 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-09 18:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 18:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-09 18:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 18:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 18:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 18:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 17:16:46 ----A---- C:\VundoFix.txt
2009-12-09 17:16:45 ----D---- C:\VundoFix Backups
2009-12-09 17:13:35 ----A---- C:\Program Files\jre-6u17-windows-i586-iftw-rv.exe
2009-12-09 15:46:48 ----SH---- C:\WINDOWS\system32\hevayubi.dll
2009-12-09 15:46:47 ----SH---- C:\WINDOWS\system32\hizupoye.dll
2009-12-09 15:40:17 ----A---- C:\WINDOWS\system32\repozuyi.dll
2009-12-09 15:27:23 ----D---- C:\Documents and Settings\user1\Application Data\Malwarebytes
2009-12-07 11:45:35 ----SH---- C:\WINDOWS\system32\hukovefo.dll
2009-12-07 11:45:34 ----SH---- C:\WINDOWS\system32\lapujide.dll
2009-12-05 21:48:11 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-12-05 21:48:11 ----A---- C:\WINDOWS\BDTSupport.dll
2009-12-05 21:48:10 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-12-05 21:48:10 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-12-05 21:47:26 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-05 21:47:25 ----D---- C:\Program Files\Spyware Doctor
2009-12-05 21:47:25 ----D---- C:\Documents and Settings\user1\Application Data\PC Tools
2009-12-04 18:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-04 18:13:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-03 14:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-12-03 14:35:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-03 14:16:22 ----HD---- C:\WINDOWS\PIF
2009-12-03 14:03:41 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-03 13:52:25 ----D---- C:\65b6395e01fb65db866d19ece9e6
2009-12-03 13:46:59 ----D---- C:\ProgramData
2009-12-03 13:46:59 ----D---- C:\Program Files\Angle Interactive
2009-12-03 11:45:18 ----A---- C:\WINDOWS\system32\flags.ini
2009-12-03 08:06:31 ----A---- C:\vbaaaah.exe
2009-11-25 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-16 13:46:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-13 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-11 11:34:42 ----RD---- C:\Program Files
2009-12-11 11:30:37 ----D---- C:\WINDOWS\Prefetch
2009-12-11 11:28:39 ----D---- C:\WINDOWS\Temp
2009-12-11 04:00:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-11 01:54:23 ----D---- C:\WINDOWS\system32\drivers
2009-12-11 01:13:30 ----D---- C:\WINDOWS
2009-12-11 01:05:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-11 00:34:53 ----D---- C:\Program Files\SPAMfighter
2009-12-11 00:32:24 ----D---- C:\WINDOWS\system32
2009-12-10 12:39:10 ----HD---- C:\WINDOWS\inf
2009-12-09 19:13:27 ----SD---- C:\WINDOWS\Tasks
2009-12-09 18:41:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 18:39:39 ----D---- C:\WINDOWS\AppPatch
2009-12-09 18:39:38 ----D---- C:\Program Files\Internet Explorer
2009-12-09 18:36:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 18:36:13 ----SHD---- C:\WINDOWS\Installer
2009-12-09 18:35:54 ----D---- C:\Program Files\Microsoft Works
2009-12-09 18:34:56 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 18:34:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-09 18:33:18 ----D---- C:\WINDOWS\ie8updates
2009-12-09 18:32:36 ----D---- C:\WINDOWS\WinSxS
2009-12-09 18:32:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-09 17:46:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-09 17:16:26 ----A---- C:\WINDOWS\system.ini
2009-12-09 15:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-12-05 21:47:26 ----D---- C:\Program Files\Common Files
2009-12-05 12:38:36 ----D---- C:\WINDOWS\Help
2009-12-05 11:15:48 ----A---- C:\WINDOWS\system32\RFERRORS.TXT
2009-12-05 11:15:47 ----A---- C:\WINDOWS\system32\rfmsglog.txt
2009-12-03 15:49:30 ----D---- C:\Program Files\Intelinet
2009-12-03 15:27:21 ----SHD---- C:\System Volume Information
2009-12-03 15:27:21 ----D---- C:\WINDOWS\system32\Restore
2009-12-03 11:02:14 ----D---- C:\WINDOWS\network diagnostic
2009-12-02 12:11:03 ----D---- C:\Program Files\Yahoo!
2009-12-02 12:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-12-02 08:53:14 ----D---- C:\Documents and Settings\user1\Application Data\Apple Computer
2009-11-16 10:19:36 ----D---- C:\Documents and Settings\user1\Application Data\Yahoo!
2009-11-16 09:42:52 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-28 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-06-05 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys [2004-08-04 98176]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-06-26 610816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\LINKSY~1\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-05-09 41888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winmes;winmes; \??\C:\WINDOWS\system32\winmes.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-06-19 189064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 WMP54GSSVC;WMP54GSSVC; C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Merged topics and posts. ~ OB

Edited by Orange Blossom, 11 December 2009 - 07:31 PM.



#2 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 11 December 2009 - 01:37 PM

Sorry but the first report sent was the ark.txt not the RSIT, as names included with this are also the info settings. I hope I haven't messed anything up for

info.txt logfile of random's system information tool 1.06 2009-12-11 11:35:28

======Uninstall list======

-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys Wireless-G PCI Network Adapter with SpeedBooster-->C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040040-3E21-46D6-9A91-D927BA08F41D}
Microsoft Location Finder-->MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Money 2006-->"c:\program files\microsoft money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NETGEAR FirstGear for RT338 v1.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FirstGear\Uninst.isu"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks 2001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95F9D960-C571-11D0-90F0-00001B1EFBA8}\setup.exe" -uninst
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickCam-->MsiExec.exe /I{43A9F944-0398-425E-9E22-201F65FE0CCA}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 2.0.0.0-->C:\Program Files\RegCure\uninst.exe
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
SPAMfighter-->"C:\Program Files\SPAMfighter\uninstall.exe" Remove
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)

======System event log======

Computer Name: USER_5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WMP54GSSVC service.

Record Number: 2465
Source Name: Service Control Manager
Time Written: 20091203090155.000000-360
Event Type: error
User:

Computer Name: USER_5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WMP54GSSVC service.

Record Number: 2464
Source Name: Service Control Manager
Time Written: 20091203090125.000000-360
Event Type: error
User:

Computer Name: USER_5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WMP54GSSVC service.

Record Number: 2463
Source Name: Service Control Manager
Time Written: 20091203090055.000000-360
Event Type: error
User:

Computer Name: USER_5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WMP54GSSVC service.

Record Number: 2461
Source Name: Service Control Manager
Time Written: 20091203090024.000000-360
Event Type: error
User:

Computer Name: USER_5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WMP54GSSVC service.

Record Number: 2460
Source Name: Service Control Manager
Time Written: 20091203085952.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: USER_5
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 570
Source Name: Microsoft Fax
Time Written: 20080908135623.000000-300
Event Type: warning
User:

Computer Name: USER_5
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 559
Source Name: Application Hang
Time Written: 20080906142143.000000-300
Event Type: error
User:

Computer Name: USER_5
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 558
Source Name: Application Hang
Time Written: 20080906142038.000000-300
Event Type: error
User:

Computer Name: USER_5
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 557
Source Name: Application Error
Time Written: 20080906141920.000000-300
Event Type: error
User:

Computer Name: USER_5
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.2877, fault address 0x00015984.

Record Number: 556
Source Name: Application Error
Time Written: 20080906141855.000000-300
Event Type: error
User:

=====Security event log=====

Computer Name: USER_5
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 209254
Source Name: Security
Time Written: 20091205123307.000000-360
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: USER_5
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 209253
Source Name: Security
Time Written: 20091205123307.000000-360
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: USER_5
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Secondary Logon Service

Record Number: 209252
Source Name: Security
Time Written: 20091205123301.000000-360
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: USER_5
Event Code: 615
Message: IPSec Services: IPSec Services has started successfully.



Record Number: 209251
Source Name: Security
Time Written: 20091205123255.000000-360
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: USER_5
Event Code: 615
Message: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.



Record Number: 209250
Source Name: Security
Time Written: 20091205123255.000000-360
Event Type: audit failure
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;g:\qqii;g:\qqii\backup;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0407
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
you....Thanks

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 December 2009 - 10:39 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 21 December 2009 - 04:20 PM

Hi here is the ComboFix report, had to create a

hey

ComboFix 09-12-20.08 - user1 12/21/2009 14:20:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.419 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user1\Cookies\MM2048.DAT
c:\documents and settings\user1\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\EventSystem.log
c:\windows\system32\~.exe
c:\windows\system32\bszip.dll
c:\windows\system32\certstore.dat
c:\windows\system32\curslib.dll
c:\windows\system32\dutuhabe.dll
c:\windows\system32\flags.ini
c:\windows\system32\hevayubi.dll
c:\windows\system32\hivumiba.dll
c:\windows\system32\hizupoye.dll
c:\windows\system32\hukovefo.dll
c:\windows\system32\jazukimo.dll
c:\windows\system32\jomibeyo.dll
c:\windows\system32\lapujide.dll
c:\windows\system32\lijohoyo.dll
c:\windows\system32\uses32.dat
c:\windows\system32\wincert.dll
c:\windows\system32\winmes.sys
c:\windows\system32\wiyatuto.dll
c:\windows\system32\yabuvasu.dll
c:\windows\system32\yagerumu.dll
c:\windows\Tasks\upnamelk.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_winmes
-------\Service_winmes


((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-11 17:34 . 2009-12-11 17:35 -------- d-----w- C:\rsit
2009-12-11 17:34 . 2009-12-11 17:34 -------- d-----w- c:\program files\trend micro
2009-12-10 18:39 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-10 01:35 . 1999-12-17 16:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-10 01:35 . 2009-12-10 06:37 -------- d-----w- c:\program files\Registry Patrol
2009-12-10 01:13 . 2009-12-10 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-10 01:13 . 2009-12-10 01:19 -------- d-----w- c:\program files\RegCure
2009-12-10 00:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-09 23:16 . 2009-12-09 23:16 -------- d-----w- C:\VundoFix Backups
2009-12-09 23:13 . 2009-12-09 23:13 800544 ----a-w- c:\program files\jre-6u17-windows-i586-iftw-rv.exe
2009-12-09 22:56 . 2009-12-09 22:56 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple
2009-12-09 22:14 . 2009-11-12 16:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-12-09 22:14 . 2009-11-12 16:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-12-09 22:14 . 2009-11-12 16:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-12-09 21:27 . 2009-12-09 21:27 -------- d-----w- c:\documents and settings\user1\Application Data\Malwarebytes
2009-12-07 16:45 . 2009-12-07 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-12-06 03:48 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-06 03:48 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-06 03:48 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-06 03:48 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-12-06 03:48 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-06 03:48 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-06 03:48 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-06 03:47 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-06 03:47 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-06 03:47 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-06 03:47 . 2009-12-06 03:48 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-06 03:47 . 2009-12-21 20:10 -------- d-----w- c:\program files\Spyware Doctor
2009-12-06 03:47 . 2009-12-06 03:47 -------- d-----w- c:\documents and settings\user1\Application Data\PC Tools
2009-12-05 17:17 . 2009-12-05 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-12-05 00:16 . 2009-12-05 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 00:13 . 2009-12-09 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 20:58 . 2009-12-03 20:58 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\Threat Expert
2009-12-03 20:36 . 2009-12-06 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-03 20:35 . 2009-12-21 20:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-03 20:16 . 2009-12-03 20:16 -------- d--h--w- c:\windows\PIF
2009-12-03 20:03 . 2009-12-03 20:03 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-03 19:52 . 2009-12-03 19:52 -------- d-----w- C:\65b6395e01fb65db866d19ece9e6
2009-12-03 19:47 . 2009-12-03 19:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-03 19:46 . 2009-12-11 04:39 -------- d-----w- C:\ProgramData
2009-12-03 19:46 . 2009-12-03 19:54 -------- d-----w- c:\program files\Angle Interactive
2009-12-03 17:42 . 2009-12-03 17:42 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2009-12-03 14:07 . 2009-12-03 16:37 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\yeworx
2009-12-03 14:06 . 2009-12-03 14:06 231424 ----a-w- C:\vbaaaah.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 20:47 . 2009-06-26 19:05 -------- d-----w- c:\program files\SPAMfighter
2009-12-11 08:13 . 2006-07-03 22:17 6434 ----a-w- c:\documents and settings\user1\Application Data\wklnhst.dat
2009-12-10 00:35 . 2006-07-03 21:57 -------- d-----w- c:\program files\Microsoft Works
2009-12-09 21:52 . 2006-06-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-12-03 21:49 . 2009-08-11 14:36 -------- d-----w- c:\program files\Intelinet
2009-12-03 04:23 . 2007-10-17 00:31 4496 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-03 04:23 . 2007-10-17 00:31 88 --sh--r- c:\windows\system32\13A5C4AD95.sys
2009-12-02 18:11 . 2009-07-17 05:42 -------- d-----w- c:\program files\Yahoo!
2009-12-02 18:10 . 2009-07-17 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-02 14:53 . 2009-11-07 00:04 -------- d-----w- c:\documents and settings\user1\Application Data\Apple Computer
2009-11-21 15:51 . 2004-08-10 16:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 22:56 . 2009-11-18 22:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-11-16 22:36 . 2009-11-16 22:36 -------- d-----w- c:\documents and settings\Anna Jones\Application Data\Corel
2009-11-16 16:19 . 2009-07-17 05:43 -------- d-----w- c:\documents and settings\user1\Application Data\Yahoo!
2009-11-16 15:42 . 2009-07-17 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-10 15:50 . 2009-07-04 00:30 598 ----a-w- c:\documents and settings\Anna Jones\Application Data\wklnhst.dat
2009-11-07 00:04 . 2009-11-07 00:02 -------- d-----w- c:\program files\iTunes
2009-11-07 00:04 . 2009-11-07 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-07 00:02 . 2009-11-07 00:02 -------- d-----w- c:\program files\iPod
2009-11-07 00:02 . 2009-11-06 23:58 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 00:02 . 2009-11-07 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-07 00:02 . 2009-11-07 00:02 -------- d-----w- c:\program files\Bonjour
2009-11-07 00:02 . 2009-11-07 00:00 -------- d-----w- c:\program files\QuickTime
2009-11-06 23:59 . 2009-11-06 23:59 -------- d-----w- c:\program files\Apple Software Update
2009-11-06 23:58 . 2009-11-06 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-30 23:28 . 2006-07-18 19:20 84792 ----a-w- c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:45 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 02:58 . 2009-10-29 02:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-21 05:38 . 2004-08-10 16:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 16:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 03:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 16:51 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 16:51 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 16:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 13:48 . 2009-07-01 21:59 84792 ----a-w- c:\documents and settings\Anna Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 18:56 . 2009-06-30 18:56 56 --sh--r- c:\windows\system32\A8B18997A5.sys
2009-09-11 23:00 . 2009-09-11 23:00 6144 --sha-w- c:\windows\system32\balifeze.dll
2009-09-14 23:39 . 2009-09-14 23:39 3 --sha-w- c:\windows\system32\nizedage.dll
2009-09-14 23:39 . 2009-09-14 23:39 3 --sha-w- c:\windows\system32\peluloge.dll
2009-09-11 23:00 . 2009-09-11 23:00 3 --sha-w- c:\windows\system32\pemuwiru.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-06 169472]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-06 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks 2001 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe [2006-7-3 204800]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2006-06-06 04:29 61440 ----a-w- c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-02-22 23:00 49152 ----a-w- c:\dell\E-Center\GTB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-08 23:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-08 23:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 14:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-06 04:47 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Spyware Doctor\\pctsTray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/5/2009 9:47 PM 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/9/2009 4:14 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/9/2009 4:14 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/5/2009 9:48 PM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/5/2009 9:48 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/5/2009 9:47 PM 359624]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 9:08 AM 189064]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/5/2009 9:47 PM 70408]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/9/2009 4:14 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: musicmatch.com\online
TCP: {2FCB2E23-0223-4271-B9D7-90281A2DE670} = 209.209.192.10,209.209.192.20
TCP: {5DFB7909-52CB-475C-8568-07170F5C4A72} = 209.209.192.10,209.209.192.20
TCP: {FDBDC92C-EF7B-4C67-A327-AB53EF0C545A} = 193.104.110.38,4.2.2.1,206.255.119.249 204.174.16.4 204.174.18.2
.
- - - - ORPHANS REMOVED - - - -

BHO-{77f56b60-f3e4-4d2f-a6c1-1b0ee75d859f} - jazukimo.dll
HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
HKLM-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-yebotuyat - c:\windows\system32\nageduge.dll
HKLM-Run-weholugupu - jomibeyo.dll
SharedTaskScheduler-{8445d5fa-55a6-476d-9cc3-3b72fc3be8a9} - (no file)
SharedTaskScheduler-{b82ff52a-0997-4f26-a296-5888b73b6973} - (no file)
SSODL-ravirimed-{8445d5fa-55a6-476d-9cc3-3b72fc3be8a9} - (no file)
SSODL-tigagiwek-{b82ff52a-0997-4f26-a296-5888b73b6973} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 14:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2009-12-21 14:54:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 20:54

Pre-Run: 58,654,031,872 bytes free
Post-Run: 60,874,579,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 92BBE1AB24A7A1CDC5F6F68AC536056D

Edited by Buckeye_Sam, 22 December 2009 - 08:08 AM.
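Two entries in the Supplementary Scan section of the ComboFix log above are the ones a responder would look at first: the per-user ProxyServer is set to the local machine (`http=127.0.0.1:5555`), so a process on the host sits between the browser and the network, and the third Tcpip interface lists name servers that differ from the pair used by the other two. As an added example, not part of the thread, of ComboFix or of any tool mentioned here, the Python script below parses those log lines and reports both conditions. The resolver allowlist `EXPECTED_DNS` is an assumption made for the example (the 209.209.192.x pair shared by the first two interfaces); the sample text is copied from the posted log.

```python
import re
from ipaddress import ip_address

# Lines copied from the "Supplementary Scan" section of the ComboFix log
# posted in this thread; the snippet itself is constructed for this example.
SAMPLE_SCAN = """\
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TCP: {2FCB2E23-0223-4271-B9D7-90281A2DE670} = 209.209.192.10,209.209.192.20
TCP: {5DFB7909-52CB-475C-8568-07170F5C4A72} = 209.209.192.10,209.209.192.20
TCP: {FDBDC92C-EF7B-4C67-A327-AB53EF0C545A} = 193.104.110.38,4.2.2.1,206.255.119.249 204.174.16.4 204.174.18.2
"""

# Assumption for this example: the resolvers this network is expected to use.
# Here that is the pair shared by the first two interfaces in the log.
EXPECTED_DNS = {"209.209.192.10", "209.209.192.20"}

TCP_RE = re.compile(r"^TCP:\s*(\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")


def _ips(field):
    """Split a ComboFix server list (comma- or space-separated) into valid IPs."""
    out = []
    for tok in re.split(r"[,\s]+", field.strip()):
        try:
            out.append(str(ip_address(tok)))
        except ValueError:
            continue  # ignore stray tokens that are not addresses
    return out


def parse_name_servers(text):
    """Map each Tcpip interface GUID in the 'TCP:' lines to its NameServer list."""
    servers = {}
    for line in text.splitlines():
        m = TCP_RE.match(line.strip())
        if m:
            servers[m.group(1)] = _ips(m.group(2))
    return servers


def parse_proxy(text):
    """Return the per-user ProxyServer value, e.g. 'http=127.0.0.1:5555', or None."""
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            return m.group(1).strip()
    return None


def review_scan(text, expected_dns=EXPECTED_DNS):
    """Return a list of (kind, subject, detail) findings that deserve a human look."""
    findings = []
    for guid, ips in parse_name_servers(text).items():
        unexpected = [ip for ip in ips if ip not in expected_dns]
        if unexpected:
            findings.append(("unexpected_nameserver", guid, unexpected))
    proxy = parse_proxy(text)
    if proxy:
        # ProxyServer may hold several 'scheme=host:port' entries separated by ';'.
        for entry in proxy.split(";"):
            host = entry.split("=")[-1].rsplit(":", 1)[0]
            try:
                if ip_address(host).is_loopback:
                    # The browser is being routed through a process on this host.
                    findings.append(("loopback_proxy", entry.strip(), host))
            except ValueError:
                continue
    return findings


if __name__ == "__main__":
    for kind, subject, detail in review_scan(SAMPLE_SCAN):
        print(f"{kind}: {subject} -> {detail}")
```

The allowlist check is deliberately blunt: it flags every resolver it does not recognise, including a legitimate public one such as 4.2.2.1, so its output is a list for review rather than a verdict. The loopback-proxy check needs no allowlist, since a home machine normally has no reason to proxy its own browser through a local port.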


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:04 PM

Posted 22 December 2009 - 08:10 AM

How is your computer behaving now?


========================================================

#6 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 22 December 2009 - 03:26 PM

Hi I really haven't used it since I ran the ComboFix or dare to reboot, waiting to hear back from you to see if the log report was clear. I did run Spyware Doctor and it said it found the program ComboFix and wanted to remove it but I didn't. Also there didn't seem to be any trojans or trojan generators, it did list just some adware like advertising cookies.

If I reboot the computer it shouldn't start up those viruses again should it, but in answer it did seem to work faster like it should. Thanks a million for all your help.

#7 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 22 December 2009 - 06:08 PM

Okay have just tried to do a search using the Yahoo search bar and when I clicked on the link that I wanted to go to I was redirected to a totally different site...some off the wall unique search was the name and took me to an everyday health site, any recommendations?

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:04 PM

Posted 23 December 2009 - 08:27 AM

We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

=======================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


========================================================

#9 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 23 December 2009 - 03:58 PM

OK I have run the TDSSKiller program but had to run it by simply clicking on the run button as when I tried the way you suggested a window came up stating it couldn't find the file. Also ran Malwarebytes and found 52 infections; log report attached.

After the computer rebooted I could use the search bar and click on the link I wanted to go to and it worked without being redirected, I will use the computer more now to see if I run into any more problems.

Also would you encourage the use of spyware doctor or another source of protection, am just curious as I have spyware doctor at this time.

Many many thanks for all your help, hope you and yours have a Merry Christmas and safe holidays.

TDSS rootkit removing tool, Kaspersky Lab 2009
version 2.1.1 Dec 20 2009 02:40:02

Scanning Registry ...

Scanning Kernel memory ...

Completed

Results:
Infected objects in memory: 0
Cured objects in memory: 0
Infected objects on disk: 0
Objects on disk cured on reboot: 0
Objects on disk deleted on reboot: 0
Registry nodes deleted on reboot: 0

Press any key to continue . . .



Malwarebytes' Anti-Malware 1.42
Database version: 3418
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/23/2009 2:14:16 PM
mbam-log-2009-12-23 (14-14-16).txt

Scan type: Quick Scan
Objects scanned: 130560
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fdbdc92c-ef7b-4c67-a327-ab53ef0c545a}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,206.255.119.249 204.174.16.4 204.174.18.2 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs (Rogue.Intelinet) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\balifeze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nizedage.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\peluloge.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pemuwiru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\curslib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{191B5D8B-1373-4E79-AFEF-81D9D3F798CA}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{A00F9B79-489E-482A-8AD7-A597B7DA4D19}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_11.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_13.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_16.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_17.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_18.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_20.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_25.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_26.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_27.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_08_28.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_09_03.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_09_08.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_09_10.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_09_15.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_09_20.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_01.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_03.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_05.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_06.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_12.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_13.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_20.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_22.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_23.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_28.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_10_30.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_02.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_04.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_05.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_07.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_11.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_12.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_14.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_16.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_17.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_25.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_11_30.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_12_02.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2009_12_03.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\user1\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\vbaaaah.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



Edited by Buckeye_Sam, 24 December 2009 - 08:43 AM.
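An added example, not from the thread or from Malwarebytes itself: a small parser for result lines in the format of the log above, counting hits per detection name and separating the rogue product's own files from the other items, which are the ones worth a second look. The sample lines are constructed in that format; the "Delete on reboot" path is made up.

```python
import re
from collections import Counter

# One Malwarebytes' Anti-Malware result line: <path> (<Detection.Name>) -> <action>.
# The path is taken up to the first " (", so a path containing " (" would need
# a stricter pattern; the XP-era paths in this thread contain none.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_lines(lines):
    """Return (path, detection name, action) for every line that is a result line;
    headers such as 'Files Infected:' and blank lines are skipped."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            results.append((m.group("path"), m.group("name"), m.group("action")))
    return results


def summarize(results):
    """Count hits per detection name, and pull out the two lists a reviewer wants:
    items that are not just a rogue product's own files, and items not yet removed."""
    counts = Counter(name for _, name, _ in results)
    not_rogue = [(p, n) for p, n, _ in results if not n.startswith("Rogue.")]
    pending = [(p, n) for p, n, a in results if "deleted successfully" not in a]
    return counts, not_rogue, pending


# Constructed sample in the format of the log quoted in this thread; the last
# result line is made up to show a file MBAM could only schedule for removal.
SAMPLE = [
    "Files Infected:",
    r"C:\Program Files\Intelinet\Logs\2009_12_02.log (Rogue.Intelinet) -> Quarantined and deleted successfully.",
    r"C:\Program Files\Intelinet\Logs\2009_12_03.log (Rogue.Intelinet) -> Quarantined and deleted successfully.",
    r"C:\Documents and Settings\user1\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\vbaaaah.exe (Trojan.Downloader) -> Quarantined and deleted successfully.",
    r"C:\WINDOWS\system32\example_locked.dll (Trojan.Agent) -> Delete on reboot.",
    "",
]

if __name__ == "__main__":
    counts, not_rogue, pending = summarize(parse_mbam_lines(SAMPLE))
    for name, n in counts.most_common():
        print(f"{n:4d}  {name}")
    print("Not just rogue-product files:", not_rogue)
    print("Still pending removal:", pending)
```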


#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 December 2009 - 08:48 AM

Well, if you compare what Malwarebytes detected to what Spyware Doctor didn't, I think you have your answer. :(
I haven't found another program that's been as effective as Malwarebytes on these current infections. It's not a cure all, but it does catch much more than other programs.

Let me know if your computer is still behaving properly and I'll post some final steps for you.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 nascar_guy

nascar_guy
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 24 December 2009 - 12:16 PM

Hey, thanks very much, and yep, you're right, Malwarebytes was much more effective. I believe the computer is acting properly now...keeping my fingers crossed.....again, thanks for all your help, and I will be making a donation here shortly as well....Hope you and yours have a Merry Christmas!!!!!!

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 December 2009 - 09:46 AM

Ok, finally getting caught up. Hope your Christmas was festive! :(
Here are some final steps and then some recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click Start -> Run
  • Now type Combofix /uninstall in the runbox and click OK

==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files left in a restore point from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 January 2010 - 03:51 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.
