win32/adware.virtumonde and win32.privacyremover.m64 [RESOLVED]


  • This topic is locked

#16
Egwene
  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

Seems to be some leftovers, we will check it :)

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.


#17
Danzilla
  • Topic Starter
  • Member
  • 19 posts
Hi Egwene,

Installed the XP Recovery Console

Ran ComboFix and here is the log:

ComboFix 08-09-01.01 - Thadeus McGriddle 2008-09-02 17:31:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.591 [GMT 9:00]
Running from: C:\Documents and Settings\Thadeus McGriddle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\bin.clearspring.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\interclick.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\interclick.com\ud.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0182\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0200\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0204\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0205\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0206\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0213\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0231\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0234\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0235\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0261\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0270\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0272\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0275\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0277\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0279\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0281\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0282\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0284\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0291\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0304\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\static.youku.com\v1.0.0314\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\v.youku.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\v.youku.com\v1.0.0155\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\v.youku.com\v1.0.0158\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\#SharedObjects\PYZTY9U6\v.youku.com\v1.0.0164\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.youku.com
C:\Documents and Settings\Thadeus McGriddle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.youku.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-08-30 23:40 . 2008-08-30 23:40 <DIR> d-------- C:\_OTMoveIt
2008-08-29 18:50 . 2008-08-29 18:50 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46 . 2008-08-29 18:46 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:38 . 2008-08-30 23:42 <DIR> d-------- C:\Program Files\NOS
2008-08-29 18:38 . 2008-08-30 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-25 03:38 . 2008-08-25 03:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 02:57 . 2008-08-25 02:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-25 02:44 . 2008-08-25 02:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-25 02:38 . 2007-11-28 18:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-25 02:38 . 2008-08-25 02:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-25 02:33 . 2008-08-25 02:40 <DIR> d-------- C:\Program Files\ERUNT
2008-08-25 02:02 . 2008-09-01 18:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02 . 2008-08-25 02:02 <DIR> d-------- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02 . 2008-08-25 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 02:02 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 02:02 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 01:48 . 2008-08-25 01:48 <DIR> d-------- C:\VundoFix Backups
2008-08-25 00:01 . 2008-08-25 00:17 3,916 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-24 23:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48 . 2008-08-23 19:06 89,600 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-24 23:48 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 23:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-19 10:11 . 2008-08-19 10:11 <DIR> d-------- C:\Program Files\EPSON
2008-08-19 10:11 . 2004-11-30 03:08 80,742 --a------ C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2008-08-02 13:27 . 2008-08-02 13:27 <DIR> d-------- C:\Program Files\iTunes
2008-08-02 13:27 . 2008-08-02 13:27 <DIR> d-------- C:\Program Files\iPod
2008-08-02 13:26 . 2008-08-02 13:26 <DIR> d-------- C:\Program Files\Bonjour
2008-08-02 13:25 . 2008-08-02 13:25 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 08:34 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-30 14:31 --------- d-----w C:\Program Files\Java
2008-08-29 09:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-29 08:29 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\Skype
2008-08-29 08:28 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\skypePM
2008-07-24 14:00 --------- d-----w C:\Program Files\MySpace
2008-07-24 14:00 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-30 00:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-02 04:48 1392640]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 09:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-14 09:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 09:45 118784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-08 06:13 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-09 07:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-18 04:30 85184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 03:50 155648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-21 10:16 457728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-14 07:49 49152]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-07 02:51 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 19:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 19:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 19:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 19:00 455168]
"Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [2006-11-03 11:01 319488]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-28 06:19 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 11:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-05 11:50:52 53248]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-26 05:03:12 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-14 10:22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Thadeus McGriddle\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

S3 EraserUtilDrv10821;EraserUtilDrv10821;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS []
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Thadeus McGriddle\Application Data\Mozilla\Firefox\Profiles\jp3gg4j3.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\Thadeus McGriddle\Application Data\Mozilla\Firefox\Profiles\jp3gg4j3.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 17:36:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-02 17:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 08:41:04

Pre-Run: 57,462,861,824 bytes free
Post-Run: 57,384,402,944 bytes free

224 --- E O F --- 2008-08-14 18:03:50



Ran Hijackthis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:08, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9129 bytes


Also, not sure if this is important or changes anything, earlier today I had been using my computer and my Symantec recognized and quarantined a virus called IEDefender I think was the name. I was not connected to the internet when this happened. But after I ran the ComboFix, my Symantec anti-virus was unloaded it looks like. My brother-in-law installed it for me before I came to Japan (he is in America.) So now if I right click on any box it starts trying to load Symantec but it says I need CD or disk to load it. Sorry, I can't access the file to give you more info on what Symantec quarantined.

Thanx,
Dan

#18
Egwene
  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

We are nearly finished :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

SysRst::
Save this as CFScript.txt, in the same location as ComboFix.exe


[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

And please tell me how your computer is running now.

Regards,
Egwene.
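As an added illustration (not part of this thread, and not ComboFix's own logic), the Python script below parses the "Reg Loading Points" section of a ComboFix log like the one posted above and flags what the CFScript in this post repairs: a SecurityProviders value whose list separators have been stripped, or that carries a DLL outside the XP default list, along with the Security Center override and firewall-off values visible in the same log. The sample lines are copied from the log in this thread; the regex-based parsing, key names and finding texts are my own assumptions.

```python
import re

# Constructed sample: the relevant lines of the "Reg Loading Points" section of
# the first ComboFix log posted in this thread (values copied as they appear).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Windows XP default SecurityProviders list; it is also the value the CFScript
# in this thread writes back into the registry.
DEFAULT_PROVIDERS = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]

# Registry paths as ComboFix prints them, lower-cased for lookup (assumed form).
SP_KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"
SC_KEY = r"hkey_local_machine\software\microsoft\security center"
FW_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Matches both '"Name"=value' and 'Name value', the two layouts in the log.
VALUE_RE = re.compile(r'^"?([^"=\s]+)"?\s*=?\s*(.*)$')


def parse_reg_section(text):
    """Return {key_path_lower: {value_name_lower: raw_value}} from log text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            sections[current][m.group(1).lower()] = m.group(2).strip()
    return sections


def split_providers(value):
    """Split a SecurityProviders value into DLL names.

    The value is normally comma-separated. In the log above the separators are
    gone and the names run together, so fall back to ".dll" as the boundary.
    """
    value = value.strip().strip('"')
    if "," in value:
        return [p.strip().lower() for p in value.split(",") if p.strip()]
    return [m.lower() + ".dll" for m in re.findall(r"([^.\s,]+)\.dll", value, re.I)]


def dword(raw):
    """Parse 'dword:00000001' or '0 (0x0)' into an int; None if unparseable."""
    m = re.match(r"dword:([0-9a-f]+)", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return a list of findings (strings) for tampered or weakened settings."""
    findings = []
    s = parse_reg_section(text)
    raw = s.get(SP_KEY, {}).get("securityproviders")
    if raw is not None:
        dlls = split_providers(raw)
        if "," not in raw:
            findings.append("SecurityProviders: list separators missing, value is malformed")
        for d in dlls:
            if d not in DEFAULT_PROVIDERS:
                findings.append("SecurityProviders: non-default provider %s" % d)
        for d in DEFAULT_PROVIDERS:
            if d not in dlls:
                findings.append("SecurityProviders: default provider %s missing" % d)
    if dword(s.get(SC_KEY, {}).get("antivirusoverride", "")) == 1:
        findings.append("Security Center: AntiVirusOverride=1 (antivirus status alerts suppressed)")
    for path, vals in s.items():
        if "security center\\monitoring" in path and dword(vals.get("disablemonitoring", "")) == 1:
            findings.append("Security Center: monitoring disabled for %s" % path.rsplit("\\", 1)[-1])
    if dword(s.get(FW_KEY, {}).get("enablefirewall", "")) == 0:
        findings.append("Windows Firewall: EnableFirewall=0 on the standard profile")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the malformed SecurityProviders value plus the three disabled protections; a log with the default, comma-separated value and no override entries produces no findings.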

#19
Danzilla
  • Topic Starter
  • Member
  • 19 posts
OMG, Egwene!
I think you did it. After I did the last thing you told me to do, I connected to the internet. I could access every site before that was previously blocked. It doesn't look like my temp files are filling up automatically!
The only problem I have is that my Symantec software got removed from the system tray. It needs a disk to reload the software, but that is back home in the States. Is there an anti-virus program you could recommend? Are there any free ones with real-time protection?

Here is the latest log:

ComboFix 08-09-01.05 - Thadeus McGriddle 2008-09-03 18:37:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.629 [GMT 9:00]
Running from: C:\Documents and Settings\Thadeus McGriddle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thadeus McGriddle\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-08-30 23:40 . 2008-08-30 23:40 <DIR> d-------- C:\_OTMoveIt
2008-08-29 18:50 . 2008-08-29 18:50 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46 . 2008-08-29 18:46 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:38 . 2008-08-30 23:42 <DIR> d-------- C:\Program Files\NOS
2008-08-29 18:38 . 2008-08-30 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-25 03:38 . 2008-08-25 03:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 02:57 . 2008-08-25 02:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-25 02:44 . 2008-08-25 02:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-25 02:38 . 2007-11-28 18:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-25 02:38 . 2008-08-25 02:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-25 02:33 . 2008-08-25 02:40 <DIR> d-------- C:\Program Files\ERUNT
2008-08-25 02:02 . 2008-09-01 18:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02 . 2008-08-25 02:02 <DIR> d-------- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02 . 2008-08-25 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 02:02 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 02:02 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 01:48 . 2008-08-25 01:48 <DIR> d-------- C:\VundoFix Backups
2008-08-25 00:01 . 2008-08-25 00:17 3,916 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-24 23:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48 . 2008-08-23 19:06 89,600 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-24 23:48 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 23:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-19 10:11 . 2008-08-19 10:11 <DIR> d-------- C:\Program Files\EPSON
2008-08-19 10:11 . 2004-11-30 03:08 80,742 --a------ C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 08:34 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-30 14:31 --------- d-----w C:\Program Files\Java
2008-08-29 09:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-29 08:29 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\Skype
2008-08-29 08:28 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\skypePM
2008-08-02 04:27 --------- d-----w C:\Program Files\iTunes
2008-08-02 04:27 --------- d-----w C:\Program Files\iPod
2008-08-02 04:26 --------- d-----w C:\Program Files\Bonjour
2008-08-02 04:25 --------- d-----w C:\Program Files\QuickTime
2008-07-24 14:00 --------- d-----w C:\Program Files\MySpace
2008-07-24 14:00 --------- d-----w C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-30 00:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys
2008-08-21 17:00 99376 {09286003-B545-458F-8FB3-0E8070788C83}\RP1\A0000021.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-02 1392640]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 118784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-08 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-09 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-18 85184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 155648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-21 457728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-14 49152]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-07 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-28 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-05 53248]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-26 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Thadeus McGriddle\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

S3 EraserUtilDrv10821;EraserUtilDrv10821;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [ ]
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [ ]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 18:38:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-03 18:38:54
ComboFix-quarantined-files.txt 2008-09-03 09:38:52
ComboFix2.txt 2008-09-02 08:41:08

Pre-Run: 57,335,930,880 bytes free
Post-Run: 57,332,514,816 bytes free

145 --- E O F --- 2008-08-14 18:03:50


Thank you so much! You are awesome! I know there is probably some clean-up we gotta do, but thanks so much for all your help.
-Dan

#20 Egwene (Visiting Consultant)
Hey Danzilla,

Ok, let's go on with your issue :)

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

Regards,
Egwene.
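Added example (not part of the original thread, and not from Egwene or from any of the tools mentioned): a Python script that checks the SecurityProviders value that both the CFScript in post #18 and the fix.reg in post #20 are repairing. It assumes the value was exported with `reg export HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders sp.reg`; the export embedded in the script is constructed, and "example_extra.dll" is a placeholder for an appended provider, not a real malware file name. It parses the .reg text, compares the DLL list with the Windows XP default, tolerates the separator-less form the ComboFix log prints, and emits a restore fragment with the string data quoted the way regedit requires.

```python
r"""Added example: audit the LSA SecurityProviders value from a registry export.

Virtumonde-style adware appends its own DLL to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders,
which lsass.exe loads at boot. This parses a .reg export (for example from
`reg export HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders sp.reg`),
compares the value with the Windows XP default and prints a correctly quoted
REGEDIT4 fragment that restores it. SAMPLE_EXPORT below is constructed.
"""
import re

# Windows XP default value; any other DLL listed here deserves scrutiny.
XP_DEFAULT_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")
PROVIDERS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"

# Constructed sample export. "example_extra.dll" is a placeholder name for an
# appended provider, not a real malware file; the Lsa key is there only to
# exercise the dword/hex branches of the parser.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, example_extra.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,\
  00
"""


def parse_reg_export(text):
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into
    {key_path: {value_name: data}}. Quoted string data is unescaped;
    dword:/hex: data is kept as the raw token."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join wrapped hex data
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # version header or stray text
        name, _, data = line.partition("=")
        name = name.strip().strip('"')  # '@' (default value) passes through
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r'\\(["\\])', r"\1", data[1:-1])
        keys[current][name] = data
    return keys


def split_providers(data):
    """Split the value into DLL names. Accepts the 'a.dll, b.dll' form
    regedit writes and the separator-less 'a.dllb.dll' form some
    diagnostic logs print (as the ComboFix log in this thread does)."""
    return [m.lower() for m in re.findall(r"[^,\s]+?\.dll", data, flags=re.I)]


def check_security_providers(reg_text):
    """Return (extra, missing): DLLs present that are not XP defaults, and
    defaults that are absent. Raises KeyError if the key is not in the export."""
    keys = parse_reg_export(reg_text)
    key = next((k for k in keys if k.lower() == PROVIDERS_KEY.lower()), None)
    if key is None:
        raise KeyError("SecurityProviders key not present in export")
    values = {n.lower(): v for n, v in keys[key].items()}
    found = split_providers(values.get("securityproviders", ""))
    extra = [d for d in found if d not in XP_DEFAULT_PROVIDERS]
    missing = [d for d in XP_DEFAULT_PROVIDERS if d not in found]
    return extra, missing


def restore_fragment():
    """REGEDIT4 text that resets the value to the XP default. String data in
    a .reg file must be double-quoted or regedit refuses to import it."""
    return (
        "REGEDIT4\n\n"
        f"[{PROVIDERS_KEY}]\n"
        f'"SecurityProviders"="{", ".join(XP_DEFAULT_PROVIDERS)}"\n'
    )


if __name__ == "__main__":
    extra, missing = check_security_providers(SAMPLE_EXPORT)
    print("unexpected providers:", extra or "none")
    print("missing defaults:    ", missing or "none")
    if extra or missing:
        print("\nfix.reg to merge after backing up the registry with ERUNT:\n")
        print(restore_fragment())
```

Run it after ERUNT has taken a backup, as the post says; the fragment it prints is the same change as the fix.reg above, with the quoting that a .reg import needs. Anything it reports under "unexpected providers" is a DLL that LSASS will load on every boot, so it should be examined before the value is reset.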

#21 Danzilla (Topic Starter)
Hey Egwene,
I did the registry thing you said to do.
I rebooted and then downloaded that RSIT program.

Here is the first log:

Logfile of random's system information tool (written by random/random)
Run by Thadeus McGriddle at 2008-09-03 23:01:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1014 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:53, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Thadeus McGriddle\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thadeus McGriddle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1220442412312
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9650 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ACD6A3B091852060.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-28 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-02 1392640]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-14 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-14 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-08 176128]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-09 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-18 85184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-05-21 457728]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-14 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-07 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-18 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-14 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe"="C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE "
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-03 23:01:49 ----D---- C:\rsit
2008-09-03 20:49:48 ----SHD---- C:\RECYCLER
2008-09-03 20:37:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 20:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-03 20:21:50 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-03 19:52:17 ----D---- C:\WINDOWS\Prefetch
2008-09-03 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-03 19:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-03 19:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-03 19:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-03 19:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-03 19:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-03 19:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-03 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-03 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-03 19:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-03 19:43:21 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 19:43:20 ----D---- C:\WINDOWS\l2schemas
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\en
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\bits
2008-09-03 19:40:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-03 19:32:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 19:24:45 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 19:24:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 19:24:21 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-03 19:24:19 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\slrundll.exe
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-03 19:24:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 19:24:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-03 19:24:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 19:24:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 19:23:59 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 19:23:55 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-03 19:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 19:23:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 19:23:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 19:23:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 19:22:58 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-03 19:22:57 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-03 19:22:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-03 19:22:46 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-03 19:22:41 ----A---- C:\WINDOWS\003083_.tmp
2008-09-03 19:22:40 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 19:22:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 19:22:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-03 19:22:26 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-03 19:22:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 18:56:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-03 18:38:56 ----D---- C:\WINDOWS\temp
2008-09-03 18:38:55 ----A---- C:\ComboFix.txt
2008-09-02 17:30:15 ----D---- C:\QooBox
2008-09-02 17:30:14 ----A---- C:\WINDOWS\zip.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\VFind.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\swreg.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\sed.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\grep.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\fdsv.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swsc.exe
2008-09-02 17:20:37 ----ASH---- C:\BOOT.BAK
2008-09-02 17:19:49 ----RSHD---- C:\cmdcons
2008-09-02 17:19:49 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-02 17:19:47 ----D---- C:\WINDOWS\setup.pss
2008-09-02 17:19:30 ----D---- C:\WINDOWS\setupupd
2008-08-30 23:40:38 ----D---- C:\_OTMoveIt
2008-08-29 18:50:07 ----D---- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46:31 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-29 18:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-29 18:38:28 ----D---- C:\Program Files\NOS
2008-08-25 03:38:01 ----D---- C:\Program Files\Trend Micro
2008-08-25 02:44:23 ----D---- C:\WINDOWS\ERDNT
2008-08-25 02:33:18 ----D---- C:\Program Files\ERUNT
2008-08-25 02:02:47 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 01:48:59 ----D---- C:\VundoFix Backups
2008-08-25 01:48:59 ----A---- C:\VundoFix.txt
2008-08-25 00:01:15 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-24 23:58:19 ----A---- C:\rapport.txt
2008-08-24 23:56:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-19 10:11:57 ----A---- C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11:56 ----D---- C:\Program Files\EPSON
2008-08-19 10:11:44 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2008-08-15 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\java.exe
2008-08-02 13:27:15 ----D---- C:\Program Files\iPod
2008-08-02 13:27:11 ----D---- C:\Program Files\iTunes
2008-08-02 13:26:15 ----D---- C:\Program Files\Bonjour
2008-08-02 13:25:24 ----D---- C:\Program Files\QuickTime
2008-07-24 23:00:04 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-24 23:00:02 ----D---- C:\Program Files\MySpace
2008-07-14 13:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-21 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-13 23:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-13 23:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-13 23:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 23:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-24 11776]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-04-05 19200]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-27 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-21 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-28 1171464]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-14 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EraserUtilDrv10821;EraserUtilDrv10821; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC7311;VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-04 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-09 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-09 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-18 19648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-12-02 380928]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-31 992864]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-02 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-30 69632]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-18 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-09 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-18 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-06 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Here is the other log from RSIT:

info.txt logfile of random's system information tool 2008-09-03 23:01:56

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Resource CD-->MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EPSONײޥհèè-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LUMIX Simple Viewer-->C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{35AD3FC5-D09D-4D9F-8E9C-E40794194EC5}
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x0009Package -removeonly
PowerDVD 5.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Scrabble-->C:\PROGRA~1\YAHOO!~1\Scrabble\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\Scrabble\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sid Meier's Civilization 4-->C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe -runfromtemp -l0x0009 -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2-->C:\Program Files\SopCast\uninst.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

Security center information

AV: Symantec AntiVirus Corporate Edition

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

How's it look now?
Thx,
Dan

#22
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey,

Please follow the link below and do what it says: http://www.malwareby...amp;#entry26567

Then reboot your computer and post a fresh RSIT log.

Regards,
Egwene.

#23
Danzilla

    Member

  • Topic Starter
  • Member
  • 19 posts
Hey,
Got that program and ran it. It said none of my registry files had been corrupted, so no changes were made.

Here is the RSIT log:

Logfile of random's system information tool (written by random/random)
Run by Thadeus McGriddle at 2008-09-04 12:11:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 1014 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:05, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thadeus McGriddle\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thadeus McGriddle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1220442412312
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9739 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ACD6A3B091852060.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-28 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-02 1392640]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-14 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-14 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-08 176128]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-09 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-18 85184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-05-21 457728]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-14 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-07 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-18 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-14 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe"="C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE "
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-03 23:01:49 ----D---- C:\rsit
2008-09-03 20:49:48 ----SHD---- C:\RECYCLER
2008-09-03 20:37:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 20:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-03 20:21:50 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-03 19:52:17 ----D---- C:\WINDOWS\Prefetch
2008-09-03 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-03 19:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-03 19:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-03 19:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-03 19:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-03 19:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-03 19:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-03 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-03 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-03 19:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-03 19:43:21 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 19:43:20 ----D---- C:\WINDOWS\l2schemas
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\en
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\bits
2008-09-03 19:40:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-03 19:32:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 19:24:45 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 19:24:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 19:24:21 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-03 19:24:19 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\slrundll.exe
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-03 19:24:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 19:24:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-03 19:24:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 19:24:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 19:23:59 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 19:23:55 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-03 19:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 19:23:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 19:23:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 19:23:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 19:22:58 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-03 19:22:57 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-03 19:22:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-03 19:22:46 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-03 19:22:41 ----A---- C:\WINDOWS\003083_.tmp
2008-09-03 19:22:40 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 19:22:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 19:22:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-03 19:22:26 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-03 19:22:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 18:56:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-03 18:38:56 ----D---- C:\WINDOWS\temp
2008-09-03 18:38:55 ----A---- C:\ComboFix.txt
2008-09-02 17:30:15 ----D---- C:\QooBox
2008-09-02 17:30:14 ----A---- C:\WINDOWS\zip.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\VFind.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\swreg.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\sed.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\grep.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\fdsv.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swsc.exe
2008-09-02 17:20:37 ----ASH---- C:\BOOT.BAK
2008-09-02 17:19:49 ----RSHD---- C:\cmdcons
2008-09-02 17:19:49 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-02 17:19:47 ----D---- C:\WINDOWS\setup.pss
2008-09-02 17:19:30 ----D---- C:\WINDOWS\setupupd
2008-08-30 23:40:38 ----D---- C:\_OTMoveIt
2008-08-29 18:50:07 ----D---- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46:31 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-29 18:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-29 18:38:28 ----D---- C:\Program Files\NOS
2008-08-25 03:38:01 ----D---- C:\Program Files\Trend Micro
2008-08-25 02:44:23 ----D---- C:\WINDOWS\ERDNT
2008-08-25 02:33:18 ----D---- C:\Program Files\ERUNT
2008-08-25 02:02:47 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 01:48:59 ----D---- C:\VundoFix Backups
2008-08-25 01:48:59 ----A---- C:\VundoFix.txt
2008-08-25 00:01:15 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-24 23:58:19 ----A---- C:\rapport.txt
2008-08-24 23:56:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-19 10:11:57 ----A---- C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11:56 ----D---- C:\Program Files\EPSON
2008-08-19 10:11:44 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2008-08-15 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\java.exe
2008-08-02 13:27:15 ----D---- C:\Program Files\iPod
2008-08-02 13:27:11 ----D---- C:\Program Files\iTunes
2008-08-02 13:26:15 ----D---- C:\Program Files\Bonjour
2008-08-02 13:25:24 ----D---- C:\Program Files\QuickTime
2008-07-24 23:00:04 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-24 23:00:02 ----D---- C:\Program Files\MySpace
2008-07-14 13:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-21 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-13 23:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-13 23:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-13 23:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 23:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-24 11776]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-04-05 19200]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-27 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-21 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-28 1171464]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-14 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EraserUtilDrv10821;EraserUtilDrv10821; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC7311;VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-04 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-09 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-09 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-18 19648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-12-02 380928]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-31 992864]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-02 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-30 69632]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-18 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-09 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-18 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-06 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Since I am able to use the internet again, I am able to check your replies at work. My response time will be faster because of that. Thx.

#24
Egwene (Member 2k, Visiting Consultant, 2,141 posts)
Hey Danzilla,

The problem wasn't fixed, let's try this now please :)

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    REGEDIT4
    
    ; Restores the Windows XP default list of security support providers.
    ; String data in a .reg file must be enclosed in double quotes or regedit rejects the line.
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

Regards,
Egwene.
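The .reg merge in the post above rewrites a string value, and regedit only accepts string data in a .reg file when it is double-quoted. The following Python script is an added example, not part of this thread and not code from ERUNT, RSIT or HijackThis: it parses a REGEDIT4 file the way regedit's grammar requires (rejecting unquoted string data), then checks the SecurityProviders value against the four DLLs the fix above restores and reports any DLL that is not on that list. The sample .reg texts, the placeholder name `example_unknown.dll` and the function names are constructed for this example.

```python
"""REGEDIT4 (.reg) parser plus a SecurityProviders audit.
Added example, not code from the thread or from ERUNT/RSIT/HijackThis;
sample .reg texts and the name example_unknown.dll are constructed."""
import re

# Assumption: the expected list is the XP default that the post's fix.reg writes back.
EXPECTED_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")
SECURITY_PROVIDERS_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders"

_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data


class RegSyntaxError(ValueError):
    """A line regedit would refuse, e.g. unquoted string data."""


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash


def parse_reg(text):
    """Return {key: {value_name: data}} for REGEDIT4 / 5.00 text."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in _HEADERS:
        raise RegSyntaxError("missing REGEDIT4 / Windows Registry Editor header")
    result, current = {}, None
    for lineno, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or comment
            continue
        if line.startswith("[") and line.endswith("]"):  # [key] section
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        if current is None:
            raise RegSyntaxError(f"line {lineno}: value outside any [key] section")
        m = _VALUE_RE.match(line)
        if not m:
            raise RegSyntaxError(f"line {lineno}: value name must be quoted")
        name, data = _unescape(m.group(1)), m.group(2).strip()
        if data.startswith('"'):  # REG_SZ: must be a complete quoted string
            if len(data) < 2 or not data.endswith('"'):
                raise RegSyntaxError(f"line {lineno}: unterminated string data")
            data = _unescape(data[1:-1])
        elif data.startswith("dword:"):  # REG_DWORD, hex digits
            data = int(data[6:], 16)
        elif data == "-":  # deletion marker
            data = None
        elif not data.lower().startswith("hex"):  # hex:/hex(n): kept raw
            raise RegSyntaxError(f"line {lineno}: string data must be quoted (got {data!r})")
        result[current][name] = data
    return result


def audit_security_providers(reg):
    """Return (known, unexpected) DLL lists, or None if the value is absent."""
    for key, values in reg.items():
        if key.lower() != SECURITY_PROVIDERS_KEY.lower():
            continue
        for name, data in values.items():
            if name.lower() == "securityproviders" and isinstance(data, str):
                entries = [e.strip().lower() for e in data.split(",") if e.strip()]
                known = [e for e in entries if e in EXPECTED_PROVIDERS]
                unexpected = [e for e in entries if e not in EXPECTED_PROVIDERS]
                return known, unexpected
    return None


def check_reg_text(text):
    """Parse and audit; returns a one-line verdict for a report."""
    try:
        reg = parse_reg(text)
    except RegSyntaxError as exc:
        return f"syntax error: {exc}"
    found = audit_security_providers(reg)
    if found is None:
        return "SecurityProviders not present"
    known, unexpected = found
    if unexpected:
        return "unexpected providers: " + ", ".join(unexpected)
    return "SecurityProviders matches expected default"


# Constructed sample: the post's fix.reg as regedit accepts it (string data quoted).
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
"""
# Constructed sample of a tampered list: one extra DLL (placeholder name).
TAMPERED_REG = FIX_REG.replace('msnsspc.dll"', 'msnsspc.dll, example_unknown.dll"')
# Constructed sample with the data unquoted, as typed in the post; regedit rejects it.
UNQUOTED_REG = FIX_REG.replace('"msapsspc', 'msapsspc').replace('msnsspc.dll"', 'msnsspc.dll,')

if __name__ == "__main__":
    for label, text in (("fix", FIX_REG), ("tampered", TAMPERED_REG), ("unquoted", UNQUOTED_REG)):
        print(f"{label}: {check_reg_text(text)}")
```

Run it on a fix.reg before merging it, or on an export of the key taken afterwards (regedit's File > Export, or `reg export`, decoded from the UTF-16 regedit writes) to confirm the value took. The expected list is the XP default as given in the post; legitimately installed software can register its own provider DLL, so an unexpected entry is a prompt to identify that file, not by itself proof of infection.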

#25
Danzilla
    Member
  • Topic Starter
  • 19 posts
Hey Egwene,
Ran all the steps.
Here's the log:

Logfile of random's system information tool (written by random/random)
Run by Thadeus McGriddle at 2008-09-05 09:51:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (68%) free of 76 GB
Total RAM: 1014 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51:12, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thadeus McGriddle\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thadeus McGriddle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1220442412312
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9739 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ACD6A3B091852060.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-28 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-02 1392640]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-14 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-14 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-08 176128]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-09 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-18 85184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-05-21 457728]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-14 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-07 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-18 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-14 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe"="C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE "
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-04 21:28:14 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-04 21:28:14 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-03 23:01:49 ----D---- C:\rsit
2008-09-03 20:49:48 ----SHD---- C:\RECYCLER
2008-09-03 20:37:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 20:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-03 20:21:50 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-03 19:52:17 ----D---- C:\WINDOWS\Prefetch
2008-09-03 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-03 19:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-03 19:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-03 19:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-03 19:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-03 19:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-03 19:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-03 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-03 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-03 19:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-03 19:43:21 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 19:43:20 ----D---- C:\WINDOWS\l2schemas
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\en
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\bits
2008-09-03 19:40:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-03 19:32:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 19:24:45 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 19:24:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 19:24:21 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-03 19:24:19 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\slrundll.exe
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-03 19:24:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 19:24:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-03 19:24:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 19:24:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 19:23:59 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 19:23:55 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-03 19:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 19:23:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 19:23:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 19:23:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 19:22:58 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-03 19:22:57 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-03 19:22:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-03 19:22:46 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-03 19:22:41 ----A---- C:\WINDOWS\003083_.tmp
2008-09-03 19:22:40 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 19:22:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 19:22:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-03 19:22:26 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-03 19:22:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 18:56:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-03 18:38:56 ----D---- C:\WINDOWS\temp
2008-09-03 18:38:55 ----A---- C:\ComboFix.txt
2008-09-02 17:30:15 ----D---- C:\QooBox
2008-09-02 17:30:14 ----A---- C:\WINDOWS\zip.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\VFind.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\swreg.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\sed.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\grep.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\fdsv.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swsc.exe
2008-09-02 17:20:37 ----ASH---- C:\BOOT.BAK
2008-09-02 17:19:49 ----RSHD---- C:\cmdcons
2008-09-02 17:19:49 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-02 17:19:47 ----D---- C:\WINDOWS\setup.pss
2008-09-02 17:19:30 ----D---- C:\WINDOWS\setupupd
2008-08-30 23:40:38 ----D---- C:\_OTMoveIt
2008-08-29 18:50:07 ----D---- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46:31 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-29 18:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-29 18:38:28 ----D---- C:\Program Files\NOS
2008-08-25 03:38:01 ----D---- C:\Program Files\Trend Micro
2008-08-25 02:44:23 ----D---- C:\WINDOWS\ERDNT
2008-08-25 02:33:18 ----D---- C:\Program Files\ERUNT
2008-08-25 02:02:47 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 01:48:59 ----D---- C:\VundoFix Backups
2008-08-25 01:48:59 ----A---- C:\VundoFix.txt
2008-08-25 00:01:15 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-24 23:58:19 ----A---- C:\rapport.txt
2008-08-24 23:56:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-19 10:11:57 ----A---- C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11:56 ----D---- C:\Program Files\EPSON
2008-08-19 10:11:44 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2008-08-15 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\java.exe
2008-08-02 13:27:15 ----D---- C:\Program Files\iPod
2008-08-02 13:27:11 ----D---- C:\Program Files\iTunes
2008-08-02 13:26:15 ----D---- C:\Program Files\Bonjour
2008-08-02 13:25:24 ----D---- C:\Program Files\QuickTime
2008-07-24 23:00:04 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-24 23:00:02 ----D---- C:\Program Files\MySpace
2008-07-14 13:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-21 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-13 23:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-13 23:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-13 23:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 23:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-24 11776]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-04-05 19200]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-27 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-21 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-28 1171464]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-14 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EraserUtilDrv10821;EraserUtilDrv10821; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC7311;VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-04 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-09 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-09 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-18 19648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-12-02 380928]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-31 992864]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-02 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-30 69632]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-18 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-09 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-18 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-06 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Hope it's ok! :)
  • 0


#26
Danzilla

    Member

  • Topic Starter
  • Member
  • 19 posts
Hey Egwene,
I see that those "commas" that are supposed to be there aren't being fixed when I am adding the fix.reg you are telling me to add. I am saving it as "all files." Do I need to change it from ANSI to anything else? Wasn't sure if it was something I was doing wrong that was preventing the change from being made.

Comp is still running fine otherwise. I haven't noticed any probs other than Symantec not loading.

Thx again,
Dan
  • 0

#27
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

We will fix it :) Let's try this now:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

Regards,
Egwene.
  • 0
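The SecurityProviders value that fix.reg restores is a comma-separated list of DLLs that LSASS loads at start-up, so an entry that is not part of the clean Windows XP baseline, or a value whose commas have gone missing as Danzilla describes in #26, is worth checking before and after merging the file. The Python below is an added example and not part of the thread's fix: it decodes a .reg file saved either as ANSI or as Unicode, parses the quoted-string values, and reports entries that are extra or missing relative to the four DLLs in Egwene's fix.reg. The sample files and the provider name CONSTRUCTED_UNKNOWN.dll are constructed for the demonstration, not taken from the logs in this thread.

```python
import re
from typing import Dict, List

# Clean baseline for the SecurityProviders value on Windows XP, taken from the
# fix.reg in the post above.  Membership is what matters; the order does not.
EXPECTED_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")
TARGET_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"
VALUE_NAME = "SecurityProviders"

# Constructed sample files (not captured from the machine in the thread).
# 1) The exact fix.reg contents, saved as ANSI the way Notepad does by default.
CLEAN_REG = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders]\r\n"
    '"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"\r\n'
).encode("cp1252")
# 2) The same value with the commas stripped, i.e. what Danzilla reports seeing.
NO_COMMAS_REG = CLEAN_REG.replace(b",", b"")
# 3) An extra provider appended; "CONSTRUCTED_UNKNOWN.dll" is a placeholder name.
EXTRA_DLL_REG = CLEAN_REG.replace(b'msnsspc.dll"', b'msnsspc.dll, CONSTRUCTED_UNKNOWN.dll"')


def decode_reg(data: bytes) -> str:
    """Regedit writes 'Version 5.00' files as UTF-16 with a byte-order mark, but a
    file saved from Notepad as ANSI is plain 8-bit text; accept both forms."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    if data.startswith(b"\xef\xbb\xbf"):
        return data.decode("utf-8-sig")
    return data.decode("cp1252")


_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg string syntax escapes backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .reg parser: returns {key_path: {value_name: string_value}}.
    Only quoted REG_SZ lines are handled (enough for fix.reg); dword:/hex: lines
    are skipped, and a missing header is rejected because regedit rejects it too."""
    lines = text.splitlines()
    if not lines or not lines[0].strip().startswith("Windows Registry Editor"):
        raise ValueError("not a 'Windows Registry Editor Version 5.00' file")
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def split_providers(value: str) -> List[str]:
    """SecurityProviders is a comma-separated list; surrounding spaces are ignored."""
    return [p.strip() for p in value.split(",") if p.strip()]


def audit_providers(value: str) -> dict:
    """Compare a SecurityProviders string against the clean baseline.

    unexpected:         entries not in the baseline (each is a DLL LSASS would
                        load at boot, so every one deserves a look)
    missing:            baseline entries that are absent
    separators_missing: all baseline names appear but the value has no commas,
                        so Windows sees one bogus entry instead of four
    """
    found = split_providers(value)
    expected_lower = {p.lower() for p in EXPECTED_PROVIDERS}
    found_lower = {p.lower() for p in found}
    names_present = all(p in value.lower() for p in expected_lower)
    return {
        "unexpected": [p for p in found if p.lower() not in expected_lower],
        "missing": [p for p in EXPECTED_PROVIDERS if p.lower() not in found_lower],
        "separators_missing": len(found) == 1 and names_present,
    }


def audit_reg_file(data: bytes) -> dict:
    """Decode, parse and audit a .reg file that is meant to set SecurityProviders."""
    keys = parse_reg(decode_reg(data))
    try:
        value = keys[TARGET_KEY][VALUE_NAME]
    except KeyError:
        raise ValueError(f"{TARGET_KEY}\\{VALUE_NAME} not present in file") from None
    return audit_providers(value)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_REG), ("no commas", NO_COMMAS_REG),
                        ("extra dll", EXTRA_DLL_REG)):
        print(label, audit_reg_file(blob))
```

The same audit_providers() check can be run on the live value exported with regedit after the merge, which is a quicker way to see whether the commas actually took than reading the RSIT log.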

#28
Danzilla

    Member

  • Topic Starter
  • Member
  • 19 posts
Hey there,

Did the steps, here's the log:

Logfile of random's system information tool (written by random/random)
Run by Thadeus McGriddle at 2008-09-06 00:07:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1014 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:22, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Thadeus McGriddle\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thadeus McGriddle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1220442412312
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9788 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ACD6A3B091852060.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-28 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-02 1392640]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-14 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-14 118784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-08 176128]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-09 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-18 85184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-05-21 457728]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-14 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-07 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-18 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-14 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe"="C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE "
"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-04 21:28:14 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-04 21:28:14 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-03 23:01:49 ----D---- C:\rsit
2008-09-03 20:49:48 ----SHD---- C:\RECYCLER
2008-09-03 20:37:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 20:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-03 20:21:50 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-03 19:52:17 ----D---- C:\WINDOWS\Prefetch
2008-09-03 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-03 19:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-03 19:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-03 19:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-03 19:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-03 19:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-03 19:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-03 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-03 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-03 19:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-03 19:43:21 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 19:43:20 ----D---- C:\WINDOWS\l2schemas
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\en
2008-09-03 19:43:19 ----D---- C:\WINDOWS\system32\bits
2008-09-03 19:40:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-03 19:32:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 19:24:45 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 19:24:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 19:24:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 19:24:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 19:24:21 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-03 19:24:19 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-03 19:24:18 ----N---- C:\WINDOWS\slrundll.exe
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-03 19:24:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-03 19:24:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 19:24:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-03 19:24:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 19:24:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 19:24:05 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 19:24:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 19:23:59 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 19:23:55 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 19:23:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-03 19:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-03 19:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 19:23:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 19:23:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 19:23:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 19:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 19:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 19:23:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 19:22:58 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-03 19:22:57 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-03 19:22:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-03 19:22:46 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-03 19:22:41 ----A---- C:\WINDOWS\003083_.tmp
2008-09-03 19:22:40 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 19:22:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 19:22:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 19:22:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 19:22:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 19:22:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-03 19:22:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-03 19:22:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-03 19:22:26 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-03 19:22:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 18:56:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-03 18:38:56 ----D---- C:\WINDOWS\temp
2008-09-03 18:38:55 ----A---- C:\ComboFix.txt
2008-09-02 17:30:15 ----D---- C:\QooBox
2008-09-02 17:30:14 ----A---- C:\WINDOWS\zip.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\VFind.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\swreg.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\sed.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\grep.exe
2008-09-02 17:30:14 ----A---- C:\WINDOWS\fdsv.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-02 17:30:13 ----A---- C:\WINDOWS\swsc.exe
2008-09-02 17:20:37 ----ASH---- C:\BOOT.BAK
2008-09-02 17:19:49 ----RSHD---- C:\cmdcons
2008-09-02 17:19:49 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-02 17:19:47 ----D---- C:\WINDOWS\setup.pss
2008-09-02 17:19:30 ----D---- C:\WINDOWS\setupupd
2008-08-30 23:40:38 ----D---- C:\_OTMoveIt
2008-08-29 18:50:07 ----D---- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-29 18:46:31 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-29 18:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-29 18:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-29 18:38:28 ----D---- C:\Program Files\NOS
2008-08-25 03:38:01 ----D---- C:\Program Files\Trend Micro
2008-08-25 02:44:23 ----D---- C:\WINDOWS\ERDNT
2008-08-25 02:33:18 ----D---- C:\Program Files\ERUNT
2008-08-25 02:02:47 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\Malwarebytes
2008-08-25 02:02:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 02:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 01:48:59 ----D---- C:\VundoFix Backups
2008-08-25 01:48:59 ----A---- C:\VundoFix.txt
2008-08-25 00:01:15 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-24 23:58:19 ----A---- C:\rapport.txt
2008-08-24 23:56:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-24 23:48:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-19 10:11:57 ----A---- C:\WINDOWS\system32\E_SL2380.DLL
2008-08-19 10:11:56 ----D---- C:\Program Files\EPSON
2008-08-19 10:11:44 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2008-08-15 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-14 15:41:40 ----A---- C:\WINDOWS\system32\java.exe
2008-08-02 13:27:15 ----D---- C:\Program Files\iPod
2008-08-02 13:27:11 ----D---- C:\Program Files\iTunes
2008-08-02 13:26:15 ----D---- C:\Program Files\Bonjour
2008-08-02 13:25:24 ----D---- C:\Program Files\QuickTime
2008-07-24 23:00:04 ----D---- C:\Documents and Settings\Thadeus McGriddle\Application Data\MySpace
2008-07-24 23:00:02 ----D---- C:\Program Files\MySpace
2008-07-14 13:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-21 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-13 23:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-13 23:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-13 23:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 23:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-24 11776]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-04-05 19200]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-27 142720]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-21 21248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-28 1171464]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-14 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EraserUtilDrv10821;EraserUtilDrv10821; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC7311;VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-04 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-09 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-09 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-18 19648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-12-02 380928]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-31 992864]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-02 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-30 69632]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-18 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-09 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-18 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-06 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
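As an added example, not part of this thread and not code from ComboFix or any of the tools named in it: a small Python triage helper for the "List of drivers" / "List of services" format in the log above. It parses each line into name, start type, image path and the file date/size ComboFix reports, then attaches review prompts for the things a helper usually checks by hand: an empty `[]` (ComboFix could not read the file's date and size), a `\??\` NT object path, a doubled `system32\System32` segment of the kind the APPDRV, SYMTDI and SYMREDRV entries show, or an image outside the Windows and Program Files trees. The sample lines are constructed in the shape of the log above, the directory list in `EXPECTED_ROOTS` is an assumption for a default XP install, and the flags are prompts for manual verification (publisher, signature, whether the file exists), not verdicts; a legitimate Symantec driver and a malicious one can both show an empty `[]`.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines, in the shape of the ComboFix log above.
SAMPLE_LOG = """\
List of drivers

R1 APPDRV;APPDRV; C:\\WINDOWS\\system32\\SYSTEM32\\DRIVERS\\APPDRV.SYS []
R1 intelppm;Intel Processor Driver; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \\??\\C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS []
S3 PAC7311;VGA USB Camera; C:\\WINDOWS\\system32\\DRIVERS\\PA707UCM.SYS []

List of services

R2 Bonjour Service;Bonjour Service; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2007-07-24 229376]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
"""

# One ComboFix driver/service line:
#   <R|S><start type> <name>;<display name>; <image path> [<date> <size>]
# R = running, S = stopped; the bracket is empty when ComboFix could not
# read the file's date and size.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption: where driver/service images live on a default XP install.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    name: str
    display: str
    running: bool
    start_type: str
    image_path: str
    file_date: Optional[str]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; headers and blank lines give None."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    file_date = file_size = None
    if meta.strip():
        date_str, size_str = meta.split()
        file_date, file_size = date_str, int(size_str)
    return Entry(name=name, display=display, running=(state == "R"),
                 start_type=START_TYPES[int(start)], image_path=path,
                 file_date=file_date, file_size=file_size)


def triage(entry: Entry) -> Entry:
    """Attach review prompts. These are things to verify by hand, not verdicts."""
    path = entry.image_path
    if path.startswith("\\??\\"):
        # NT object-manager form; installers write it, but it also slips past
        # naive "starts with C:\" checks, so call it out and strip it.
        path = path[len("\\??\\"):]
        entry.flags.append("nt-object-path")
    low = path.lower()
    if entry.file_date is None:
        entry.flags.append("no-file-metadata")
    if "\\system32\\system32\\" in low:
        entry.flags.append("doubled-system32-segment")
    if not low.startswith(EXPECTED_ROOTS):
        entry.flags.append("image-outside-expected-roots")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and flag every driver/service line in a ComboFix log."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(triage(e))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that need a manual look."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage_log(SAMPLE_LOG)):
        print(f"{e.name:16} {e.start_type:8} {', '.join(e.flags):42} {e.image_path}")
```

Feed it the whole log and the output is a short list to work through rather than 80 lines to eyeball; the intelppm and Bonjour lines, which carry a date and size and sit in an expected directory, produce no flags at all.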

#29 Egwene (Member 2k, Visiting Consultant, 2,141 posts)
Hey Danzilla,

Great news, the issue appears to be fixed :)

Let's finish the removal now, if you please.

---
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\tasks\ACD6A3B091852060.job
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

---

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

---

Congratulations, your log looks clean :)

1) Run OTcleanIT :

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

2) Update windows :

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

3) Prevention/protection :

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • If you don't have a firewall on your computer, I advise you to install one of the following: Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
  • SpywareBlaster protects against bad ActiveX.
  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Regards,
Egwene.
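An added example, not part of Egwene's post and not code from MVPS, HostsXpert or any other tool named in this thread: a Python hosts-file auditor for the MVPS-style blocklist the post recommends (HostsXpert, which appears in the ComboFix log above, manages the same file). It parses hosts syntax (address, one or more names, optional `#` comment, tabs or spaces), answers whether a name would be sinkholed to 127.0.0.1 or 0.0.0.0 the way the post describes, and separates blocklist lines from lines that redirect a name to a real address, which is the pattern a hosts-file hijack uses to keep a machine from reaching its update sites. The sample hosts content is constructed and the hostnames in it are placeholders; the "first matching line wins" lookup mirrors how the Windows resolver reads the file.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout the MVPS file uses: the default localhost
# line, three blocklist lines (127.0.0.1 and 0.0.0.0 forms, one with two
# names, one tab-separated), and two lines that redirect placeholder update
# sites to a routable address, which is what a hijacked hosts file looks like.
SAMPLE_HOSTS = """\
# Constructed sample, not a real hosts file.
127.0.0.1       localhost
127.0.0.1  ads.example-adnetwork.com    # [placeholder ad server]
0.0.0.0    banners.example-adnetwork.com   www.banners.example-adnetwork.com
\t127.0.0.1\tcdn.example-tracker.com
10.20.30.40     liveupdate.example-av.com
10.20.30.40     update.example-os.com
"""

# Addresses that make a name unreachable rather than pointing it somewhere.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostname: str  # stored lower-cased; hostnames are case-insensitive


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse '<ip> <name> [<name>...] [# comment]' lines in file order.
    Lines whose first field is not a valid IP address are skipped, not guessed at."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append(HostsEntry(line_no, addr, name.lower()))
    return entries


def lookup(entries: List[HostsEntry], hostname: str) -> Optional[str]:
    """Resolve a name the way the OS does: the first matching line wins."""
    hostname = hostname.lower()
    for e in entries:
        if e.hostname == hostname:
            return e.address
    return None


def is_sinkholed(entries: List[HostsEntry], hostname: str) -> bool:
    """True when the hosts file sends this name to loopback or the null address."""
    return lookup(entries, hostname) in SINKHOLE_ADDRS


def audit(entries: List[HostsEntry]) -> Dict[str, List[HostsEntry]]:
    """Split entries into blocklist lines and redirects to real addresses.
    Every entry in 'redirected' deserves a look: a legitimate hosts file rarely
    needs to point a public name at a routable IP."""
    report: Dict[str, List[HostsEntry]] = {"blocked": [], "redirected": []}
    for e in entries:
        if e.hostname == "localhost":
            continue
        bucket = "blocked" if e.address in SINKHOLE_ADDRS else "redirected"
        report[bucket].append(e)
    return report


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    report = audit(hosts)
    print(f"{len(report['blocked'])} names sinkholed")
    for e in report["redirected"]:
        print(f"line {e.line_no}: {e.hostname} -> {e.address}  (check this)")
```

On the real machine, point `parse_hosts` at the contents of C:\WINDOWS\system32\drivers\etc\hosts; on a clean XP box the only non-blocklist line should be `127.0.0.1 localhost`, so anything the audit reports as "redirected" is worth explaining before trusting the file.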

#30 Danzilla (Topic Starter, Member, 19 posts)
Awesome! :)
Thanx for all your hard work, Egwene.

I ran the OTMoveIT2 and I am not sure if it worked correctly, so I didn't complete the other steps.
The first time I ran it, it froze. My desktop went blank and I had to use Ctrl+Alt+Del to restart the comp.

The second time it looked like it was about to freeze again, but then it completed its program. However, I had to use Task Manager to shut the program down because it wouldn't let me click on anything else.
I did a reboot because it looked like 2 of the things would be deleted on reboot.

Here's the log after the reboot.

Explorer killed successfully
File/Folder C:\WINDOWS\tasks\ACD6A3B091852060.job not found.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\THADEU~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\THADEU~1\LOCALS~1\Temp\~DF9A4E.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09062008_160420

Files moved on Reboot...
C:\DOCUME~1\THADEU~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\THADEU~1\LOCALS~1\Temp\~DF9A4E.tmp not found!


Wasn't sure if we needed to do anything else before I got rid of the combofix program since that last entry said it wasn't able to be moved correctly.

What do you think?
-Dan
