Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected xp internet security 2010 plus more


  • This topic is locked This topic is locked
19 replies to this topic

#1 kbz1960

kbz1960

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 13 March 2010 - 12:21 PM

Hi, first off this is a co workers gateway laptop that has xp media center sp3, expired mcafee internet security installed when I got a hold of it. When I turned it and not being connected to the internet the xp internet security 2010 was doing it's thing. I then went to my computer and searched it, came across this guide bleeping computer and followed it except I was not going to connect the infected computer to the internet so I ran the fixexe which allowed me to install malwarebytes and run a scan. I can post logs if needed.

Malwarebytes found 88 or so items and removed them all. After a reboot xp internet security 2010 was gone. I then install superantispyware and ran it without updating or being online and it found 200 some items and removed them. After another reboot I uninstalled mcafee and ran the mcafee removal tool still not online. I then installed avast free 5.0 and turned the windows firewall on and reset to default. Then I installed ccleaner and ran it.

After getting online all seemed to be going good except some redirects etc. and that I can't load the windows update site I get the page can not be displayed. I downloaded ie 8 and installed it, same thing. I did turn on automatic updated which seemed to download and install the latest updates but still can not load the windows update site. I ran the hostexpert file. Still no change. Avast has also been blocking some malicious url's from svchost off and on the last one I caught while running the last scan for this is object: goorpt.info/page/index/, infection: URL:Mal, acton: blocked, Process: c:\windows\system32\svchost.exe. The threat was detected and blocked just before connecting to the URL.

Well every time I tried to post this last night I would get "page can not be found" so I ran a2free and it removed 2 things. I also uninstalled firefox and deleted the folder from everywhere I could find and then re downloaded and reinstalled it hoping that I'll be able to post here now and I was getting so tired I don't even remember what else I tried.

Had to copy the files to a flash drive and post from my computer even with fresh firefox on the infected computer every time I would try to post I would get the page can not be displayed. UGH

Thanks for any help you can give me.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 9:49:33.04 on Sat 03/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.443 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mSearch Page =
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mri_disabled
{02478d38-c3f9-4efb-9b51-7695eca05670}
{491b09ee-96bf-4213-8dc0-9a4a086234d8}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
dRun: [Power2GoExpress] NA
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
dRun: [A00FE397A.exe] c:\windows\temp\_A00FE397A.exe
dRun: [InetChk] c:\windows\temp\ms1238886400.exe work
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\losamine.dll c:\windows\system32\zeyoheko.dll c:\windows\system32\vuranune.dll lululune.dll c:\windows\system32\jomibojo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\pumotozi.dll potibubi.dll
IFEO: zango.exe - c:\windows\system32\bleepzango.EXE

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\fe1sq48r.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {1AB5952D-25D5-41F0-9A2D-BDCBB5CE3960} - c:\windows\system32\config\systemprofile\local settings\application data\{1ab5952d-25d5-41f0-9a2d-bdcbb5ce3960}\
FF - HiddenExtension: XUL Cache: {99DC6CA9-124B-4D28-BF7E-E29B257D5858} - c:\documents and settings\owner\local settings\application data\{99DC6CA9-124B-4D28-BF7E-E29B257D5858}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-1-13 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-11 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-13 1858144]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-26 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-11 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-12-24 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-12-24 112936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-7-6 200576]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2009-10-31 26112]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-24 15656]
S3 XDva226;XDva226;\??\c:\windows\system32\xdva226.sys --> c:\windows\system32\XDva226.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva276;XDva276;\??\c:\windows\system32\xdva276.sys --> c:\windows\system32\XDva276.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva302;XDva302;\??\c:\windows\system32\xdva302.sys --> c:\windows\system32\XDva302.sys [?]

=============== Created Last 30 ================

2010-03-13 14:05:53 0 d-----w- c:\program files\a-squared Free
2010-03-13 02:36:30 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-13 01:30:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-13 01:30:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 23:31:58 54016 ----a-w- c:\windows\system32\drivers\kpoisf.sys
2010-03-12 05:20:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-03-12 05:20:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-03-12 05:20:39 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-03-12 05:20:35 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-03-12 05:20:31 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-03-12 05:20:24 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-03-12 05:20:20 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-03-12 05:20:18 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-03-12 05:20:14 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-03-12 05:20:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-03-12 05:18:59 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2010-03-12 05:18:54 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2010-03-12 05:18:50 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-03-12 05:18:46 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2010-03-12 05:18:42 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-03-12 05:18:37 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-03-12 05:18:29 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-03-12 05:18:19 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-03-12 05:18:15 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-03-12 05:18:09 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-03-12 05:18:05 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-03-12 05:18:01 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-03-12 05:16:58 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-03-12 05:15:59 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-03-12 05:14:59 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-03-12 05:13:57 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-03-12 05:12:57 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-03-12 05:11:59 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-03-12 05:10:57 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2010-03-12 05:09:57 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-03-12 05:08:58 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-03-12 05:07:56 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-03-12 05:06:58 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-03-12 05:05:58 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-03-12 05:04:53 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-03-12 05:04:51 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-03-12 05:04:40 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-03-12 05:04:37 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-03-12 05:04:21 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-03-12 05:04:14 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-03-12 05:04:08 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-03-12 05:04:05 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-03-12 05:04:01 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-03-12 05:02:57 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2010-03-12 05:01:40 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-03-12 05:00:59 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-03-12 04:59:58 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-03-12 04:58:57 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-03-12 04:57:58 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-03-12 04:56:59 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2010-03-12 04:55:59 21606 -c--a-w- c:\windows\system32\dllcache\digiisdn.sys
2010-03-12 04:54:58 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2010-03-12 04:53:53 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-03-12 04:52:59 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-03-12 04:51:38 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-12 04:32:48 0 d-----w- c:\windows\ie8updates
2010-03-12 04:30:48 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-12 04:30:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-12 04:04:47 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-03-12 04:00:28 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-03-12 03:57:16 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-03-12 03:53:01 0 dc-h--w- c:\windows\ie8
2010-03-12 02:21:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-12 01:55:23 0 d-----w- c:\program files\CCleaner
2010-03-12 00:24:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-12 00:23:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-12 00:23:38 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-03-11 22:29:53 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-11 22:29:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 22:29:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 22:29:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-11 22:29:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 22:14:33 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-08 05:08:33 0 d-----w- c:\docume~1\owner\applic~1\Facebook

==================== Find3M ====================

2010-03-12 23:49:19 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-11 03:16:10 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-09 22:40:14 952 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-02-09 22:40:14 88 --sh--r- c:\docume~1\alluse~1\applic~1\32A951981C.sys
2010-01-20 03:17:02 40808 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 03:58:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-25 03:58:00 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-25 03:57:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 02:02:54 138056 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2009-12-17 02:02:30 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 02:02:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-17 02:02:18 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-10-28 23:24:32 1024 ----a-w- c:\program files\MAA.srm

============= FINISH: 9:51:07.90 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 14 March 2010 - 02:01 PM

Hello, kbz1960.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 04:15 PM

Thanks for helping me!

Wow the gmer scan takes a long time!

Since my first post I have uninstalled or tried to uninstall a couple programs since my post, one was a facebook plug in and I tried to uninstall the redirect thing but it would just flash and nothing would happen. I ran a couple scans with the intention of not having them do anything but just to see what they came up with and they found nothing.

Also I have the last redirect and a random page that loaded in a new tab while reading the post.

http://7search.com/scripts/validation/v1/v...KkS%2bB5cVNxRHW

Poped up in a new tab while running gmer.
http://hotjobs.yahoo.com/

And here the log from avast that it blocked yesterday.
11.03.2010 21:46:09 Network Shield: blocked access to malicious site 湯湡楴灳睹牡⹥潣⽭ㅳ㼯ㅔ橒䕢唱呑䭆䕖㍖啔噎歍吱塖乨䕖獆噔䙒き啰塒偤ㅑ㑖啔湒䕢唵坕佸䙖獆噔䙒つ啰塒佨噥㑖啔湒䕢唱呑䭒䙖㙖汓乒䕎啰塒佨噡㑖啔噒䕢唱呑䭖䕖㍖噔噎歍吱呖偂ㅕ硕啔噎啍䐵呖但噡硕噔噎啍䐵呖乆噥硕塔噬啍䐵呖但步〰塔剰睤㴽 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 3124 ) ]
12.03.2010 21:48:35 Network Shield: blocked access to malicious site 潧牯瑰椮普⽯慰敧椯摮硥/ [ C:\WINDOWS\System32\svchost.exe ( 1044 ) ]


gmer crashed but not the computer while running so the log is with devices unchecked. I also unplugged from the internet to run your gmer and am posting the logs from my laptop.

Here are the logs.

log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-14 14:09:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (27%) free of 69 GB
Total RAM: 958 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:13 PM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\My Documents\z\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {491B09EE-96BF-4213-8DC0-9A4A086234D8} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00FE397A.exe] C:\WINDOWS\TEMP\_A00FE397A.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1238886400.exe work (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\losamine.dll c:\windows\system32\zeyoheko.dll c:\windows\system32\vuranune.dll lululune.dll c:\windows\system32\jomibojo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 7547 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\gnpbigko.job
C:\WINDOWS\tasks\rycjelrl.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491B09EE-96BF-4213-8DC0-9A4A086234D8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"Turbine Download Manager Tray Icon"=C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2007-02-09 789120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2010-02-10 3207056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MRI_DISABLED

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\losamine.dll c:\windows\system32\zeyoheko.dll c:\windows\system32\vuranune.dll lululune.dll c:\windows\system32\jomibojo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-28 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\pumotozi.dll
potibubi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac62bfef-2707-11db-a8e2-806d6172696f}]
shell\AutoRun\command - D:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-03-14 14:09:02 ----DC---- C:\rsit
2010-03-13 10:32:31 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2010-03-13 10:32:18 ----D---- C:\Program Files\Mozilla Firefox
2010-03-13 09:05:53 ----D---- C:\Program Files\a-squared Free
2010-03-13 09:02:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 20:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-12 20:49:40 ----D---- C:\Program Files\Common Files\Java
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\java.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-11 23:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-11 23:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-11 23:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-11 23:37:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-11 23:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-11 23:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-11 23:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-11 23:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-11 23:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-11 23:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-11 23:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-11 23:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-11 23:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-11 23:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-11 23:33:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-11 23:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-11 23:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-11 23:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-11 23:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-11 23:32:48 ----D---- C:\WINDOWS\ie8updates
2010-03-11 23:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-11 23:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-11 22:53:01 ----HDC---- C:\WINDOWS\ie8
2010-03-11 21:21:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-11 21:21:31 ----D---- C:\Program Files\Alwil Software
2010-03-11 21:21:31 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-03-11 20:55:23 ----D---- C:\Program Files\CCleaner
2010-03-11 19:24:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-11 19:23:38 ----D---- C:\Program Files\SUPERAntiSpyware
2010-03-11 19:23:38 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2010-03-11 17:29:53 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-03-11 17:29:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-11 17:29:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 17:14:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-06 09:14:14 ----D---- C:\Program Files\Opera

======List of files/folders modified in the last 1 months======

2010-03-14 14:09:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-14 14:09:04 ----D---- C:\WINDOWS\Prefetch
2010-03-14 14:06:14 ----D---- C:\WINDOWS\Temp
2010-03-14 14:05:21 ----D---- C:\Program Files\Common Files\Akamai
2010-03-14 13:24:01 ----D---- C:\Documents and Settings\Owner\Application Data\WTablet
2010-03-14 13:23:56 ----D---- C:\WINDOWS
2010-03-14 12:14:56 ----D---- C:\WINDOWS\creator
2010-03-14 08:03:27 ----D---- C:\WINDOWS\system32
2010-03-14 08:03:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 10:41:41 ----D---- C:\WINDOWS\system32\drivers
2010-03-13 10:32:18 ----RD---- C:\Program Files
2010-03-12 21:09:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-12 21:07:15 ----HD---- C:\WINDOWS\inf
2010-03-12 20:49:41 ----SHD---- C:\WINDOWS\Installer
2010-03-12 20:49:40 ----D---- C:\Program Files\Common Files
2010-03-12 20:29:48 ----D---- C:\Program Files\Java
2010-03-12 15:55:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-12 14:59:13 ----D---- C:\WINDOWS\Debug
2010-03-12 14:58:23 ----D---- C:\Documents and Settings\Owner\Application Data\Xfire
2010-03-12 14:58:11 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-12 14:57:30 ----D---- C:\Program Files\Steam
2010-03-12 14:55:41 ----D---- C:\Program Files\Yahoo!
2010-03-11 23:49:10 ----RHD---- C:\Documents and Settings\Owner\Application Data\yahoo!
2010-03-11 23:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2010-03-11 23:47:50 ----D---- C:\Program Files\BigFix
2010-03-11 23:40:48 ----D---- C:\WINDOWS\AppPatch
2010-03-11 23:38:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-11 23:38:38 ----D---- C:\Program Files\Internet Explorer
2010-03-11 23:36:22 ----D---- C:\Program Files\Movie Maker
2010-03-11 23:32:43 ----D---- C:\WINDOWS\WinSxS
2010-03-11 22:56:52 ----D---- C:\WINDOWS\system32\en-US
2010-03-11 22:56:51 ----D---- C:\WINDOWS\Media
2010-03-11 22:56:51 ----D---- C:\WINDOWS\Help
2010-03-11 22:55:19 ----HD---- C:\WINDOWS\msdownld.tmp
2010-03-11 22:43:23 ----D---- C:\WINDOWS\network diagnostic
2010-03-11 21:04:38 ----D---- C:\WINDOWS\Minidump
2010-03-11 20:57:03 ----SD---- C:\WINDOWS\Tasks
2010-03-11 19:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-03-09 18:19:04 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2010-03-06 09:07:49 ----RD---- C:\Program Files\Skype
2010-03-06 09:00:45 ----D---- C:\Program Files\Xfire
2010-02-24 16:17:12 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-07 35840]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-06 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-06 8552]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-28 1132544]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-21 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-05-20 13736]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-18 230912]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MemStPCI;Sony Memory Stick controller (PCI); C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2008-04-13 26112]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva226;XDva226; \??\C:\WINDOWS\system32\XDva226.sys []
S3 XDva273;XDva273; \??\C:\WINDOWS\system32\XDva273.sys []
S3 XDva276;XDva276; \??\C:\WINDOWS\system32\XDva276.sys []
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva302;XDva302; \??\C:\WINDOWS\system32\XDva302.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-28 364544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-12 153376]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-16 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-16 189248]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-07-06 172032]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-07-15 4408616]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
R2 WTouchService;WTouch Service; C:\Program Files\WTouch\WTouchService.exe [2009-07-15 112936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-24 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt
info.txt logfile of random's system information tool 1.06 2010-03-14 14:09:17

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e_plugin.exe -uninstall broker+plugin
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bamboo-->C:\Program Files\Tablet\Pen\Remove.exe /u
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta0300a.INF
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/5
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\My Documents\z\HijackThis.exe" /uninstall
HOT ALBUM MYBOX-->C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Mike and Mary TTS Engines 5.1-->MsiExec.exe /X{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MotionDV STUDIO 5.3E LE for DV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}\setup.exe" UNINSTALL
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Pinnacle Instant DVD Recorder-->MsiExec.exe /X{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B\HXFSETUP.EXE -U -Iqta0300m.inf
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Turbine Download Manager-->"C:\Program Files\Turbine\Turbine Download Manager\UninstallTDM.exe" /silent /query 62289540-dc30-11dc-95ff-0800200c9a66_is1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Vegas Movie Studio 9.0-->MsiExec.exe /X{67E131A1-6CEE-45FA-B351-8E65866D4024}
Video Stream Driver for Panasonic DVC-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1033
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab [2010-03-12]
O21 - SSODL: zeveludap - {a0ed2eaf-eeaa-4e53-8009-24de909892c5} - c:\windows\system32\gukuyesa.dll (file missing) [2010-03-12]
O20 - Winlogon Notify: MRI_DISABLED - C:\WINDOWS\ [2010-03-12]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-03-12]
O22 - SharedTaskScheduler: mujuzedij - {a0ed2eaf-eeaa-4e53-8009-24de909892c5} - c:\windows\system32\gukuyesa.dll (file missing) [2010-03-12]
O21 - SSODL: yukofevad - {5ab94eb9-8815-4163-bf38-491aabd5fd07} - c:\windows\system32\vuwilamu.dll (file missing) [2010-03-12]
O21 - SSODL: muvujopuf - {1de6df7f-65d4-4a91-8ee3-73a92389acf5} - c:\windows\system32\gukuyesa.dll (file missing) [2010-03-12]
O22 - SharedTaskScheduler: kupuhivus - {1de6df7f-65d4-4a91-8ee3-73a92389acf5} - c:\windows\system32\gukuyesa.dll (file missing) [2010-03-12]
O21 - SSODL: debeduhal - {f3d791b5-2e79-47f2-af30-f95cf4a190cf} - (no file) [2010-03-12]
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing) [2010-03-12]
O22 - SharedTaskScheduler: kupuhivus - {5ab94eb9-8815-4163-bf38-491aabd5fd07} - c:\windows\system32\vuwilamu.dll (file missing) [2010-03-12]
O22 - SharedTaskScheduler: mujuzedij - {f3d791b5-2e79-47f2-af30-f95cf4a190cf} - (no file) [2010-03-12]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe [2010-03-12]
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing) [2010-03-12]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: YOUR-96E4C63730
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 29497
Source Name: Ftdisk
Time Written: 20100303210952.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 7000
Message: The Turbine Message Service - Live service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 29484
Source Name: Service Control Manager
Time Written: 20100303210946.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 7000
Message: The Turbine Message Service - Live service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 29453
Source Name: Service Control Manager
Time Written: 20100303151937.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 29450
Source Name: Ftdisk
Time Written: 20100303151927.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 29449
Source Name: Ftdisk
Time Written: 20100303151927.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-96E4C63730
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 15788
Source Name: crypt32
Time Written: 20091108202028.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 15787
Source Name: crypt32
Time Written: 20091108202028.000000-360
Event Type: error
User:

Computer Name: YOUR-96E4C63730
Event Code: 1517
Message: Windows saved user YOUR-96E4C63730\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15778
Source Name: Userenv
Time Written: 20091108111559.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-96E4C63730
Event Code: 1517
Message: Windows saved user YOUR-96E4C63730\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15758
Source Name: Userenv
Time Written: 20091108075058.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-96E4C63730
Event Code: 1517
Message: Windows saved user YOUR-96E4C63730\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15742
Source Name: Userenv
Time Written: 20091105233334.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

and the gmer.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 16:04:17
Windows 5.1.2600 Service Pack 3
Running: 60z6dg2r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awlyifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF6D7C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEF6D7B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEF6D80C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEF6D7FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF6D76E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEF6D7BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF6D7628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF6D768C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF6D7D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEF6D8194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF6D7CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEF6D7E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEF6E44FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEF6E4322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEF6E445C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 14 March 2010 - 04:31 PM

Hello, kbz1960.
Thanks for the detailed feedback. Makes it really easy for me to figure out where we're at thumbup2.gif

Looks like your computer's heavily infected with Vundo, so we'll use Combofix.

By the way, I see a few HJT backups in your logs. Are you being helped elsewhere? If so, please do not proceed with the steps below as it could lead to confusion.
We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 05:14 PM

Recovery console is wanting to reboot, do I do that? Never mind, I didn't read far enough.

Edited by kbz1960, 14 March 2010 - 05:16 PM.


#6 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 05:23 PM

It blue screened on me, caused by mbr.sys stop: 0x000000ce (0xf7912838,0x00000008,0xf7912838,0x00000000)

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 14 March 2010 - 05:25 PM

Hi!

Please restart your computer. If combofix continues to run, let it. If not, then look to see if a file is located at C:\[b]combofix.txt[b]. If not, then please re-run combofix.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 05:50 PM

QUOTE(aommaster @ Mar 14 2010, 04:31 PM) View Post
Hello, kbz1960.

By the way, I see a few HJT backups in your logs. Are you being helped elsewhere? If so, please do not proceed with the steps below as it could lead to confusion.


Hi, I did download and run hjt and ran a scan then removed some things. Then I thought it remove something you need so I restored it. No I'm not getting help anywhere else.

After a reboot combofix ran.

Combofix

ComboFix 10-03-14.03 - Owner 03/14/2010 17:29:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.594 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patchw.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\Tasks\gnpbigko.job
C:\xcrashdump.dat
D:\Autorun.inf

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 22:35 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-03-14 22:35 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-03-14 19:09 . 2010-03-14 19:09 -------- dc----w- C:\rsit
2010-03-13 15:32 . 2010-03-13 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-03-13 14:05 . 2010-03-13 14:37 -------- d-----w- c:\program files\a-squared Free
2010-03-13 01:49 . 2010-03-13 01:49 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 01:30 . 2010-03-13 01:30 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58b82b9f-n\decora-sse.dll
2010-03-13 01:30 . 2010-03-13 01:30 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1083d299-n\msvcp71.dll
2010-03-13 01:30 . 2010-03-13 01:30 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1083d299-n\jmc.dll
2010-03-13 01:30 . 2010-03-13 01:30 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1083d299-n\msvcr71.dll
2010-03-13 01:30 . 2010-03-13 01:30 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58b82b9f-n\decora-d3d.dll
2010-03-13 01:30 . 2010-03-13 01:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 23:31 . 2010-03-12 23:31 54016 ----a-w- c:\windows\system32\drivers\kpoisf.sys
2010-03-12 20:14 . 2010-03-12 20:14 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-12 05:20 . 2008-04-14 01:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-03-12 05:20 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-03-12 05:20 . 2008-04-14 01:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-03-12 05:20 . 2001-08-18 04:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-03-12 05:20 . 2001-08-18 04:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-03-12 05:20 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-03-12 05:20 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-03-12 05:20 . 2004-08-04 04:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-03-12 05:20 . 2004-08-04 04:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-03-12 05:20 . 2008-04-14 01:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-03-12 05:18 . 2004-08-04 04:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2010-03-12 05:18 . 2001-08-17 18:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2010-03-12 05:18 . 2001-08-17 18:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-03-12 05:18 . 2001-08-17 18:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2010-03-12 05:18 . 2001-08-17 19:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-03-12 05:18 . 2001-08-17 19:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-03-12 05:18 . 2001-08-17 19:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-03-12 05:18 . 2001-08-17 18:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-03-12 05:18 . 2001-08-17 19:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-03-12 05:18 . 2001-08-17 19:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-03-12 05:18 . 2001-08-17 19:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-03-12 05:18 . 2001-08-17 19:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-03-12 05:16 . 2001-08-18 04:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-03-12 05:15 . 2001-08-17 18:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-03-12 05:14 . 2001-08-18 04:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-03-12 05:13 . 2001-08-18 04:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-03-12 05:12 . 2004-08-04 04:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-03-12 05:11 . 2001-08-18 04:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-03-12 05:10 . 2001-08-17 18:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2010-03-12 05:09 . 2001-08-18 04:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-03-12 05:08 . 2001-08-17 19:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-03-12 05:07 . 2001-08-18 04:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-03-12 05:06 . 2001-08-18 04:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-03-12 05:05 . 2001-08-17 18:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-03-12 05:04 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-03-12 05:04 . 2008-04-13 19:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-03-12 05:04 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-03-12 05:04 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-03-12 05:04 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-03-12 05:04 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-03-12 05:04 . 2001-08-17 18:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-03-12 05:04 . 2001-08-17 20:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-03-12 05:04 . 2001-08-18 04:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-03-12 05:02 . 2001-08-17 18:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2010-03-12 05:01 . 2001-08-18 04:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-03-12 05:00 . 2001-08-17 18:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-03-12 04:59 . 2001-08-18 04:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-03-12 04:58 . 2001-08-17 20:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-03-12 04:57 . 2001-08-18 04:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-03-12 04:56 . 2001-08-17 18:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2010-03-12 04:55 . 2001-08-17 18:14 21606 -c--a-w- c:\windows\system32\dllcache\digiisdn.sys
2010-03-12 04:54 . 2001-08-18 04:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2010-03-12 04:53 . 2001-08-17 19:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-03-12 04:52 . 2001-08-17 18:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-03-12 04:51 . 2001-08-17 20:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-12 04:32 . 2010-03-12 04:38 -------- d-----w- c:\windows\ie8updates
2010-03-12 04:30 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-12 04:30 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-12 04:04 . 2010-03-12 04:04 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-03-12 04:00 . 2010-03-12 04:00 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-03-12 03:58 . 2010-03-12 03:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-12 03:57 . 2010-03-12 03:57 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-03-12 03:53 . 2010-03-12 03:55 -------- dc-h--w- c:\windows\ie8
2010-03-12 02:22 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-12 02:22 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-12 02:22 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-12 02:22 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-12 02:22 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-12 02:22 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-12 02:22 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-12 02:21 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-12 02:21 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-12 02:21 . 2010-03-12 02:21 -------- d-----w- c:\program files\Alwil Software
2010-03-12 02:21 . 2010-03-12 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-12 01:55 . 2010-03-12 01:55 -------- d-----w- c:\program files\CCleaner
2010-03-12 00:24 . 2010-03-12 00:24 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-12 00:24 . 2010-03-12 03:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-12 00:24 . 2010-03-12 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-12 00:23 . 2010-03-12 00:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-12 00:23 . 2010-03-12 00:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-03-11 22:29 . 2010-03-11 22:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-11 22:29 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 22:29 . 2010-03-11 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-11 22:29 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 22:29 . 2010-03-12 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 22:14 . 2010-03-11 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-06 14:14 . 2010-03-07 04:10 -------- d-----w- c:\program files\Opera
2010-03-06 03:35 . 2010-03-06 03:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-04 04:36 . 2010-03-04 04:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 22:39 . 2009-12-25 03:11 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2010-03-14 22:39 . 2009-12-12 04:56 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-14 22:26 . 2009-12-25 03:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-13 01:29 . 2006-07-06 20:30 -------- d-----w- c:\program files\Java
2010-03-12 23:49 . 2004-08-04 05:59 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys
2010-03-12 23:49 . 2004-08-04 05:59 96512 -c--a-w- c:\windows\system32\drivers\atapi.svs
2010-03-12 19:58 . 2009-09-02 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2010-03-12 19:58 . 2009-10-05 02:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-12 19:57 . 2009-10-29 01:00 -------- d-----w- c:\program files\Steam
2010-03-12 19:55 . 2007-02-10 19:43 -------- d-----w- c:\program files\Yahoo!
2010-03-12 04:49 . 2007-02-15 22:14 -------- d--h--r- c:\documents and settings\Owner\Application Data\yahoo!
2010-03-12 04:49 . 2007-02-14 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-03-12 04:47 . 2006-07-06 20:25 -------- d-----w- c:\program files\BigFix
2010-03-09 23:19 . 2009-10-05 02:10 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-03-06 14:07 . 2009-10-05 02:06 -------- d-----r- c:\program files\Skype
2010-03-06 14:00 . 2009-09-02 01:22 -------- d-----w- c:\program files\Xfire
2010-03-06 03:35 . 2007-03-24 05:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 21:17 . 2009-09-13 23:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-09 22:40 . 2010-02-09 02:57 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-09 22:40 . 2010-02-09 02:57 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-09 22:40 . 2010-02-09 02:57 88 --sh--r- c:\documents and settings\All Users\Application Data\32A951981C.sys
2010-02-09 22:40 . 2010-02-09 02:57 88 --sh--r- c:\documents and settings\All Users\Application Data\32A951981C.sys
2010-02-09 02:50 . 2010-02-09 02:50 -------- d-----w- c:\program files\Enterbrain
2010-02-09 02:32 . 2010-02-03 01:06 -------- d-----w- c:\program files\Common Files\Enterbrain
2010-02-09 02:23 . 2009-12-25 04:41 -------- d-----w- c:\program files\Sony
2010-02-06 17:37 . 2010-01-28 21:39 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-06 17:37 . 2010-01-28 21:39 56 --sh--r- c:\windows\system32\1C9851A932.sys
2010-02-06 07:03 . 2010-02-06 07:01 -------- d-----w- c:\program files\iTunes
2010-02-06 07:02 . 2006-09-25 00:58 -------- d-----w- c:\program files\iPod
2010-02-06 07:01 . 2007-11-30 02:37 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 06:56 . 2010-02-06 06:55 -------- d-----w- c:\program files\QuickTime
2010-02-06 06:36 . 2010-02-06 06:36 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 03:17 . 2008-09-06 01:04 40808 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-19 02:38 . 2010-01-19 02:38 -------- d-----w- c:\program files\Sony Setup
2010-01-14 03:08 . 2008-01-13 19:23 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-12-31 16:50 . 2004-08-26 16:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 04:07 . 2006-12-17 03:43 52512 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 04:00 . 2009-12-25 04:00 -------- d-----w- c:\windows\Fonts\Fonts
2009-12-25 03:58 . 2009-12-25 03:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-25 03:58 . 2009-12-25 03:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-25 03:58 . 2009-12-25 03:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-25 03:58 . 2009-12-25 03:58 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-25 03:57 . 2009-12-25 03:58 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-12-25 03:57 . 2009-12-25 03:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-21 19:14 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 02:02 . 2009-12-17 02:02 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-17 02:02 . 2009-12-17 02:02 138056 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-12-17 02:02 . 2009-12-17 02:02 138056 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-12-17 02:02 . 2009-12-17 02:02 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 02:02 . 2009-12-17 02:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-17 02:02 . 2009-12-17 02:02 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-12-16 18:43 . 2004-08-26 18:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-10-28 23:24 . 2009-10-28 23:24 1024 ----a-w- c:\program files\MAA.srm
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2007-02-09 20:28 789120 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 20:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-20 16:43 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [1/13/2008 2:25 PM 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2010 9:22 PM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/13/2010 9:05 AM 1858144]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 11:12 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2010 9:22 PM 19024]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [12/24/2009 10:08 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/24/2009 10:10 PM 112936]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [7/6/2006 3:18 PM 200576]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [10/31/2009 2:01 PM 26112]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/24/2009 10:08 PM 15656]
S3 XDva226;XDva226;\??\c:\windows\system32\XDva226.sys --> c:\windows\system32\XDva226.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva276;XDva276;\??\c:\windows\system32\XDva276.sys --> c:\windows\system32\XDva276.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva302;XDva302;\??\c:\windows\system32\XDva302.sys --> c:\windows\system32\XDva302.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fe1sq48r.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {1AB5952D-25D5-41F0-9A2D-BDCBB5CE3960} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{1AB5952D-25D5-41F0-9A2D-BDCBB5CE3960}\
FF - HiddenExtension: XUL Cache: {99DC6CA9-124B-4D28-BF7E-E29B257D5858} - c:\documents and settings\Owner\Local Settings\Application Data\{99DC6CA9-124B-4D28-BF7E-E29B257D5858}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{491B09EE-96BF-4213-8DC0-9A4A086234D8} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
SafeBoot-MCODS
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-62289540-dc30-11dc-95ff-0800200c9a66_is1 - c:\program files\Turbine\Turbine Download Manager\UninstallTDM.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\abp480n5]
"ImagePath"="System32\Drivers\ABP480N5.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\adpu160m]
"ImagePath"="System32\Drivers\adpu160m.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aha154x]
"ImagePath"="System32\Drivers\aha154x.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aic78u2]
"ImagePath"="System32\Drivers\aic78u2.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aic78xx]
"ImagePath"="System32\Drivers\aic78xx.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\amsint]
"ImagePath"="System32\Drivers\amsint.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc]
"ImagePath"="System32\Drivers\asc.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc3350p]
"ImagePath"="System32\Drivers\asc3350p.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc3550]
"ImagePath"="System32\Drivers\asc3550.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cbidf]
"ImagePath"="System32\Drivers\cbidf2k.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cd20xrnt]
"ImagePath"="System32\Drivers\cd20xrnt.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Cpqarray]
"ImagePath"="System32\Drivers\cpqarray.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dac2w2k]
"ImagePath"="System32\Drivers\dac2w2k.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dac960nt]
"ImagePath"="System32\Drivers\dac960nt.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dpti2o]
"ImagePath"="System32\Drivers\dpti2o.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn]
"ImagePath"="System32\Drivers\hpn.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp]
"ImagePath"="System32\Drivers\i2omp.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u]
"ImagePath"="System32\Drivers\ini910u.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x]
"ImagePath"="System32\Drivers\mraid35x.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2]
"ImagePath"="System32\Drivers\perc2.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib]
"ImagePath"="System32\Drivers\perc2hib.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080]
"ImagePath"="System32\Drivers\ql1080.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt]
"ImagePath"="System32\Drivers\ql10wnt.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160]
"ImagePath"="System32\Drivers\ql12160.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240]
"ImagePath"="System32\Drivers\ql1240.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280]
"ImagePath"="System32\Drivers\ql1280.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow]
"ImagePath"="System32\Drivers\sparrow.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc810]
"ImagePath"="System32\Drivers\symc810.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc8xx]
"ImagePath"="System32\Drivers\symc8xx.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_hi]
"ImagePath"="System32\Drivers\sym_hi.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_u3]
"ImagePath"="System32\Drivers\sym_u3.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra]
"ImagePath"="System32\Drivers\ultra.svs"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\WLTRAY.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-14 17:44:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 22:44

Pre-Run: 19,246,379,008 bytes free
Post-Run: 19,424,653,312 bytes free

- - End Of File - - BB2025B216B6689DB4D9256C22EF1803

Hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:47 PM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\My Documents\z\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 6711 bytes


btw I did the hjt thing before I made my first post.

Edited by kbz1960, 14 March 2010 - 07:57 PM.


#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 14 March 2010 - 08:42 PM

Hello, kbz1960.
How's your computer doing?

We need to use HijackThis to carry out a fix
  1. Run HijackThis
  2. Click on Do a system scan only.
  3. Place a checkmark next to these lines (if still present).

    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O4 - Global Startup: MRI_DISABLED


  4. Close all windows except HijackThis and click Fix Checked.
  5. Restart


NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

In your next reply, please include the following:
  • RSIT Log
  • Description of any remaining problems
  • ActiveScan Report

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 08:50 PM

Hi, thanks. Not sure how it's doing because I haven't gone online with it again until now. I will do the fix and post back. If this does post it means things are going better.

#11 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 14 March 2010 - 08:56 PM

Just got rebooted from hjt fix and will start the panda scan and let it go over night. It's my bedtime and I'll check it in the morning. I hope that it will be all right over night? Then I won't be able to do much more until I get home from work tomorrow.

Thanks so much and so far no pop ups or redirects.

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 14 March 2010 - 09:13 PM

Hi!

Good to hear. Yes, the Pandascan will take a while to complete. I'll wait for them smile.gif

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 15 March 2010 - 04:18 AM

Hi, seems to running OK now but I was sleeping and it ran the panda scan overnight so haven't used it much yet. No pop ups or random webpages open though. No log for panda just the page saying Congratulations Today you're not infected.

Here is rsit log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-15 04:13:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (27%) free of 69 GB
Total RAM: 958 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:57 AM, on 3/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\My Documents\z\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 6953 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2007-02-09 789120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2010-02-10 3207056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-28 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-14 20:57:37 ----D---- C:\Program Files\Panda Security
2010-03-14 20:57:36 ----D---- C:\WINDOWS\LastGood
2010-03-14 17:47:05 ----SHDC---- C:\RECYCLER
2010-03-14 17:44:40 ----AC---- C:\ComboFix.txt
2010-03-14 17:35:48 ----A---- C:\WINDOWS\system32\proquota.exe
2010-03-14 17:12:26 ----AC---- C:\Boot.bak
2010-03-14 17:12:13 ----RASHDC---- C:\cmdcons
2010-03-14 17:09:50 ----A---- C:\WINDOWS\zip.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\SWSC.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\SWREG.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\sed.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\PEV.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\MBR.exe
2010-03-14 17:09:50 ----A---- C:\WINDOWS\grep.exe
2010-03-14 17:09:34 ----D---- C:\WINDOWS\ERDNT
2010-03-14 17:09:07 ----ADC---- C:\Qoobox
2010-03-14 14:09:02 ----DC---- C:\rsit
2010-03-13 10:32:31 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2010-03-13 10:32:18 ----D---- C:\Program Files\Mozilla Firefox
2010-03-13 09:05:53 ----D---- C:\Program Files\a-squared Free
2010-03-13 09:02:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 20:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-12 20:49:40 ----D---- C:\Program Files\Common Files\Java
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\java.exe
2010-03-12 20:30:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-11 23:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-11 23:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-11 23:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-11 23:37:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-11 23:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-11 23:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-11 23:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-11 23:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-11 23:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-11 23:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-11 23:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-11 23:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-11 23:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-11 23:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-11 23:33:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-11 23:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-11 23:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-11 23:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-11 23:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-11 23:32:48 ----D---- C:\WINDOWS\ie8updates
2010-03-11 23:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-11 23:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-11 22:53:01 ----HDC---- C:\WINDOWS\ie8
2010-03-11 21:21:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-11 21:21:31 ----D---- C:\Program Files\Alwil Software
2010-03-11 21:21:31 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-03-11 20:55:23 ----D---- C:\Program Files\CCleaner
2010-03-11 19:24:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-11 19:23:38 ----D---- C:\Program Files\SUPERAntiSpyware
2010-03-11 19:23:38 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2010-03-11 17:29:53 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-03-11 17:29:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-11 17:29:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 17:14:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-06 09:14:14 ----D---- C:\Program Files\Opera

======List of files/folders modified in the last 1 months======

2010-03-15 04:13:50 ----D---- C:\WINDOWS\Prefetch
2010-03-15 04:06:34 ----D---- C:\Program Files\Common Files\Akamai
2010-03-15 00:53:40 ----D---- C:\WINDOWS\Temp
2010-03-14 21:02:23 ----D---- C:\WINDOWS\system32\drivers
2010-03-14 20:57:37 ----RD---- C:\Program Files
2010-03-14 20:57:36 ----HD---- C:\WINDOWS\inf
2010-03-14 20:57:36 ----D---- C:\WINDOWS
2010-03-14 20:57:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-14 20:53:17 ----D---- C:\Documents and Settings\Owner\Application Data\WTablet
2010-03-14 20:52:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-14 17:43:59 ----SD---- C:\WINDOWS\Tasks
2010-03-14 17:39:47 ----AC---- C:\WINDOWS\system.ini
2010-03-14 17:37:14 ----D---- C:\WINDOWS\system32\config
2010-03-14 17:35:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 17:35:48 ----D---- C:\WINDOWS\system32
2010-03-14 17:33:54 ----D---- C:\WINDOWS\AppPatch
2010-03-14 17:33:47 ----D---- C:\Program Files\Common Files
2010-03-14 17:12:26 ----RASHC---- C:\boot.ini
2010-03-14 12:14:56 ----D---- C:\WINDOWS\creator
2010-03-14 08:03:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 21:09:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-12 20:49:41 ----SHD---- C:\WINDOWS\Installer
2010-03-12 20:29:48 ----D---- C:\Program Files\Java
2010-03-12 14:59:13 ----D---- C:\WINDOWS\Debug
2010-03-12 14:58:23 ----D---- C:\Documents and Settings\Owner\Application Data\Xfire
2010-03-12 14:58:11 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-12 14:57:30 ----D---- C:\Program Files\Steam
2010-03-12 14:55:41 ----D---- C:\Program Files\Yahoo!
2010-03-11 23:49:10 ----RHD---- C:\Documents and Settings\Owner\Application Data\yahoo!
2010-03-11 23:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2010-03-11 23:47:50 ----D---- C:\Program Files\BigFix
2010-03-11 23:38:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-11 23:38:38 ----D---- C:\Program Files\Internet Explorer
2010-03-11 23:36:22 ----D---- C:\Program Files\Movie Maker
2010-03-11 23:32:43 ----D---- C:\WINDOWS\WinSxS
2010-03-11 22:56:52 ----D---- C:\WINDOWS\system32\en-US
2010-03-11 22:56:51 ----D---- C:\WINDOWS\Media
2010-03-11 22:56:51 ----D---- C:\WINDOWS\Help
2010-03-11 22:55:19 ----HD---- C:\WINDOWS\msdownld.tmp
2010-03-11 22:43:23 ----D---- C:\WINDOWS\network diagnostic
2010-03-11 21:04:38 ----D---- C:\WINDOWS\Minidump
2010-03-11 19:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-03-09 18:19:04 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2010-03-06 09:07:49 ----RD---- C:\Program Files\Skype
2010-03-06 09:00:45 ----D---- C:\Program Files\Xfire
2010-02-24 16:17:12 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-07 35840]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-06 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-06 8552]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-28 1132544]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-21 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-05-20 13736]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-18 230912]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MemStPCI;Sony Memory Stick controller (PCI); C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2008-04-13 26112]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva226;XDva226; \??\C:\WINDOWS\system32\XDva226.sys []
S3 XDva273;XDva273; \??\C:\WINDOWS\system32\XDva273.sys []
S3 XDva276;XDva276; \??\C:\WINDOWS\system32\XDva276.sys []
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva302;XDva302; \??\C:\WINDOWS\system32\XDva302.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-28 364544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-12 153376]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-16 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-16 189248]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-07-06 172032]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-07-15 4408616]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
R2 WTouchService;WTouch Service; C:\Program Files\WTouch\WTouchService.exe [2009-07-15 112936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-24 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 15 March 2010 - 08:42 AM

Hello, kbz1960.
Good to hear. In that case, let's clean up...

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".




Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean smile.gif

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be weary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  4. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  5. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

Some more links you might find of interest:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 kbz1960

kbz1960
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:IL
  • Local time:12:27 AM

Posted 15 March 2010 - 09:33 AM

Thanks, I'm replying from work so I'll do all that when I get home today. I will direct the owner of the laptop to this thread so they can read all of your great advice. I follow all of it on my own laptop.

I'm thinking that I need to get rid of all the restore points also?

Can you tell me if there is a way to remove user profiles? In documents and settings this thing has administrator, administrator 548756 (some numbers anyway), administrator 546156.516, owner and I think some more with some of the same files all over the place.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users