Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo infection! Help! [Solved]


  • This topic is locked This topic is locked

#1
mtrigact

mtrigact

    Member

  • Member
  • PipPip
  • 14 posts
Please help! a bit over a week ago I got hit with something that I just can't get rid of. I have run all sorts of scans (symantec, malwarebytes' anti malware, vundo fix ect) and it will delete some files but whatever it is always comes back. I just completed a malwarebytes scan (everything was clean) and then reactivated my symantec and it pops up with an automatic alert saying i have Trojan.Vundo in Zogudipo.dll. When I take care of everything my Windows Task Manager shows CPU usage still. It continues to increase untill it is bouncing between 80 and 100%. I have no idea what is going on and am in dire need of help. I am attaching the hackthis log. I would be greatful for any help that you have to offer. Thanks!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:00 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas24.exe" /minimize
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtUnmJDU - vtUnmJDU.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14563 bytes
  • 0

Advertisements


#2
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact, and welcome to Geeks to go. :)
Sorry about the delay.

Lets get a fresh look at your computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#3
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Jimmy 2012,

Thank you for getting back to me. I ran RSIT again this morning and the logs the logs are both below. Thank you again, this is such a help.





info.txt logfile of random's system information tool 1.04 2008-12-13 10:29:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Premiere 6.0-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL2.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.36\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys EasyLink Advisor 1.5 (1044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LSX-MPEG for Adobe Premiere (Version 2.01)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C15E93AC-9C33-41ED-A3D9-C93D931F3443}\Setup.exe" -l0x9
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mouse Suite for Laptop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\Setup.exe" -l0x9 -removeonly
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MyIdentityDefender Toolbar (CyberDefender Corporation)-->C:\Documents and Settings\Tom Moore\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NASA World Wind 1.3-->"C:\Program Files\NASA\World Wind 1.3\Uninstall_World_Wind_1.3.exe"
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------





Logfile of random's system information tool 1.04 (written by random/random)
Run by Tom Moore at 2008-12-13 10:29:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (15%) free of 89 GB
Total RAM: 1015 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:37 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tom Moore\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Tom Moore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: vtUnmJDU - vtUnmJDU.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca74e23c752) (gupdate1c95ca74e23c752) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (TMOORESCHOOL-Tom Moore).job
C:\WINDOWS\tasks\Norton Security Scan for Tom Moore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}]
McBrwHelper Class - c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-07-26 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-02 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-02 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-24 729178]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-10 169984]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-06-02 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-06-23 85696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-03 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"SDPhotoBar.exe"=C:\SMARTD~2\SDPhotoBar.exe [2003-01-10 192512]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-10-30 392832]
"DellSupport-"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-13 1809648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnmJDU]
vtUnmJDU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924c159c-7d57-11da-b3a0-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdbc732c-ea1c-11db-b474-00142291bfd1}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 3 months======

2008-12-08 18:52:41 ----D---- C:\WINDOWS\ERDNT
2008-12-08 17:42:42 ----D---- C:\VundoFix Backups
2008-12-07 02:28:46 ----A---- C:\WINDOWS\st_affiliate.ini
2008-12-06 18:14:32 ----D---- C:\_OTMoveIt
2008-12-06 18:12:06 ----D---- C:\Program Files\trend micro
2008-12-06 18:12:02 ----D---- C:\rsit
2008-12-06 13:53:58 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Malwarebytes
2008-12-06 13:53:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-06 13:53:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 12:59:01 ----D---- C:\_OTScanIt
2008-12-04 22:25:34 ----SH---- C:\WINDOWS\system32\orewotek.ini
2008-12-04 05:40:23 ----SH---- C:\WINDOWS\system32\egojavet.ini
2008-12-03 20:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:59 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-03 20:11:59 ----D---- C:\Documents and Settings\Tom Moore\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 17:39:29 ----SH---- C:\WINDOWS\system32\luhuwuji.exe
2008-12-03 02:38:41 ----SH---- C:\WINDOWS\system32\dewegabu.exe
2008-12-02 22:35:24 ----A---- C:\VundoFix.txt
2008-12-02 22:17:57 ----D---- C:\Program Files\Common Files\xing shared
2008-12-02 21:37:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:20:38 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 21:20:38 ----D---- C:\Documents and Settings\Tom Moore\Application Data\PC Tools
2008-12-02 21:12:34 ----D---- C:\Program Files\
  • 0

#4
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact,

Your RSIT log.txt log got cutoff, please re-post it in your next reply. The file can be found here, C:\rsit\log.txt. All you need to do is open up log.txt and copy/paste the text inside in your next reply.
  • 0

#5
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Jimmy 2012 - Sorry about that. Here are the compled logs. Thanks again!


Logfile of random's system information tool 1.04 (written by random/random)
Run by Tom Moore at 2008-12-13 10:29:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (15%) free of 89 GB
Total RAM: 1015 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:37 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tom Moore\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Tom Moore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: vtUnmJDU - vtUnmJDU.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca74e23c752) (gupdate1c95ca74e23c752) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (TMOORESCHOOL-Tom Moore).job
C:\WINDOWS\tasks\Norton Security Scan for Tom Moore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}]
McBrwHelper Class - c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-07-26 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-02 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-02 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-24 729178]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-10 169984]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-06-02 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-06-23 85696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-03 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"SDPhotoBar.exe"=C:\SMARTD~2\SDPhotoBar.exe [2003-01-10 192512]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-10-30 392832]
"DellSupport-"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-13 1809648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnmJDU]
vtUnmJDU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924c159c-7d57-11da-b3a0-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdbc732c-ea1c-11db-b474-00142291bfd1}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 3 months======

2008-12-08 18:52:41 ----D---- C:\WINDOWS\ERDNT
2008-12-08 17:42:42 ----D---- C:\VundoFix Backups
2008-12-07 02:28:46 ----A---- C:\WINDOWS\st_affiliate.ini
2008-12-06 18:14:32 ----D---- C:\_OTMoveIt
2008-12-06 18:12:06 ----D---- C:\Program Files\trend micro
2008-12-06 18:12:02 ----D---- C:\rsit
2008-12-06 13:53:58 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Malwarebytes
2008-12-06 13:53:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-06 13:53:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 12:59:01 ----D---- C:\_OTScanIt
2008-12-04 22:25:34 ----SH---- C:\WINDOWS\system32\orewotek.ini
2008-12-04 05:40:23 ----SH---- C:\WINDOWS\system32\egojavet.ini
2008-12-03 20:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:59 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-03 20:11:59 ----D---- C:\Documents and Settings\Tom Moore\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 17:39:29 ----SH---- C:\WINDOWS\system32\luhuwuji.exe
2008-12-03 02:38:41 ----SH---- C:\WINDOWS\system32\dewegabu.exe
2008-12-02 22:35:24 ----A---- C:\VundoFix.txt
2008-12-02 22:17:57 ----D---- C:\Program Files\Common Files\xing shared
2008-12-02 21:37:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:20:38 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 21:20:38 ----D---- C:\Documents and Settings\Tom Moore\Application Data\PC Tools
2008-12-02 21:12:34 ----D---- C:\Program Files\Norton Security Scan
2008-12-02 21:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-01 21:11:26 ----ASH---- C:\WINDOWS\system32\sslqktqg.ini
2008-12-01 21:10:45 ----A---- C:\WINDOWS\system32\57f6a6d9-.txt
2008-12-01 21:09:50 ----ASH---- C:\WINDOWS\system32\Hilopqru.ini2
2008-12-01 21:09:50 ----ASH---- C:\WINDOWS\system32\Hilopqru.ini
2008-12-01 21:05:30 ----A---- C:\WINDOWS\system32\g60.exe
2008-12-01 21:05:17 ----SHD---- C:\WINDOWS\VG9tIE1vb3Jl
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\uv9
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\ki3
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\hov
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\bin
2008-12-01 21:04:41 ----D---- C:\WINDOWS\system32\VC
2008-11-13 09:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 09:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 09:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-12 01:00:01 ----D---- C:\WINDOWS\Prefetch
2008-10-12 00:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 00:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 00:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 00:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 00:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 00:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-12 00:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 00:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 00:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 00:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 00:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 00:01:46 ----D---- C:\WINDOWS\system32\scripting
2008-10-12 00:01:44 ----D---- C:\WINDOWS\l2schemas
2008-10-12 00:01:42 ----D---- C:\WINDOWS\system32\en
2008-10-12 00:01:41 ----D---- C:\WINDOWS\system32\bits
2008-10-11 23:53:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-11 23:33:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-09 22:01:49 ----D---- C:\Program Files\iTunes
2008-10-09 22:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 21:59:37 ----D---- C:\Program Files\Bonjour
2008-10-09 21:58:19 ----D---- C:\Program Files\QuickTime
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\java.exe
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-18 21:16:35 ----SHD---- C:\Config.Msi
2008-09-15 07:10:10 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Viewpoint

======List of files/folders modified in the last 3 months======

2008-12-13 10:23:05 ----D---- C:\Program Files
2008-12-13 10:22:40 ----D---- C:\WINDOWS
2008-12-13 10:22:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 10:22:35 ----RSD---- C:\WINDOWS\assembly
2008-12-13 10:20:22 ----D---- C:\WINDOWS\Temp
2008-12-13 10:19:55 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-13 10:19:50 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-13 10:18:08 ----D---- C:\WINDOWS\Registration
2008-12-13 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 17:21:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 17:17:29 ----D---- C:\Program Files\Google
2008-12-12 17:16:55 ----SHD---- C:\WINDOWS\Installer
2008-12-12 17:16:40 ----SD---- C:\WINDOWS\Tasks
2008-12-09 21:59:02 ----D---- C:\WINDOWS\system32
2008-12-08 19:14:55 ----D---- C:\Program Files\Azureus
2008-12-08 17:45:27 ----A---- C:\WINDOWS\win.ini
2008-12-07 02:23:18 ----HD---- C:\WINDOWS\inf
2008-12-06 18:17:37 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-06 11:51:08 ----SHD---- C:\WINDOWS\CSC
2008-12-04 08:57:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 20:11:16 ----D---- C:\Program Files\Common Files
2008-12-03 18:58:45 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 18:53:01 ----D---- C:\WINDOWS\WinSxS
2008-12-03 18:51:34 ----D---- C:\Program Files\Internet Explorer
2008-12-03 18:47:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 22:17:50 ----D---- C:\Program Files\Common Files\Real
2008-12-02 22:17:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-02 22:17:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-02 22:17:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-02 22:17:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-02 22:17:27 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-02 21:12:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-01 21:04:52 ----D---- C:\temp
2008-12-01 20:48:42 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Azureus
2008-11-24 20:16:48 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-22 17:35:05 ----D---- C:\WINDOWS\Help
2008-11-15 11:24:36 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Move Networks
2008-11-13 09:03:13 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 09:02:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 20:09:50 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Adobe
2008-11-01 13:04:56 ----D---- C:\Documents and Settings\Tom Moore\Application Data\EndNote
2008-11-01 13:04:37 ----D---- C:\Program Files\EndNote
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 10:09:44 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-12 01:01:08 ----A---- C:\WINDOWS\setuplog.txt
2008-10-12 00:59:01 ----D---- C:\WINDOWS\system32\Setup
2008-10-12 00:59:01 ----D---- C:\WINDOWS\ime
2008-10-12 00:59:01 ----D---- C:\WINDOWS\AppPatch
2008-10-12 00:58:58 ----D---- C:\WINDOWS\system32\wbem
2008-10-12 00:58:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-12 00:57:50 ----D---- C:\WINDOWS\security
2008-10-12 00:18:01 ----D---- C:\Program Files\Messenger
2008-10-12 00:02:41 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-12 00:02:40 ----D---- C:\WINDOWS\network diagnostic
2008-10-12 00:01:49 ----D---- C:\WINDOWS\system32\usmt
2008-10-12 00:01:49 ----D---- C:\WINDOWS\system32\en-US
2008-10-12 00:01:41 ----D---- C:\WINDOWS\PeerNet
2008-10-12 00:01:41 ----D---- C:\Program Files\Movie Maker
2008-10-11 23:53:32 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 23:53:31 ----D---- C:\WINDOWS\system32\npp
2008-10-11 23:53:31 ----D---- C:\WINDOWS\mui
2008-10-11 23:53:29 ----D---- C:\WINDOWS\msagent
2008-10-11 23:53:27 ----D---- C:\WINDOWS\srchasst
2008-10-11 23:53:25 ----D---- C:\Program Files\NetMeeting
2008-10-11 23:53:23 ----D---- C:\WINDOWS\system32\Com
2008-10-11 23:53:18 ----D---- C:\Program Files\Windows NT
2008-10-11 23:53:17 ----D---- C:\Program Files\Outlook Express
2008-10-11 23:53:12 ----D---- C:\Program Files\Common Files\System
2008-10-11 23:52:12 ----D---- C:\WINDOWS\system32\oobe
2008-10-11 23:51:58 ----D---- C:\WINDOWS\system
2008-10-11 23:41:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-11 23:33:19 ----D---- C:\WINDOWS\ehome
2008-10-09 22:02:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-09 22:01:53 ----D---- C:\Program Files\iPod
2008-10-09 21:58:29 ----D---- C:\Program Files\Common Files\Apple
2008-10-09 21:38:25 ----D---- C:\Program Files\Java
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-18 21:17:41 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-12-03 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-12-03 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-05 21425]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-08-26 28672]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-24 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-02-08 5185]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 156288]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-06-02 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-06-02 161392]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-04-07 1421336]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-06-23 19648]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-02 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-12-03 1079176]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-06-23 1715904]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c95ca74e23c752;Google Update Service (gupdate1c95ca74e23c752); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-12 119280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-06-02 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player
  • 0

#6
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am posting them individually since it seems to cut off when I post them both.

Here is the info file.

Thanks!


info.txt logfile of random's system information tool 1.04 2008-12-13 10:29:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Premiere 6.0-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL2.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.36\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys EasyLink Advisor 1.5 (1044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LSX-MPEG for Adobe Premiere (Version 2.01)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C15E93AC-9C33-41ED-A3D9-C93D931F3443}\Setup.exe" -l0x9
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mouse Suite for Laptop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\Setup.exe" -l0x9 -removeonly
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MyIdentityDefender Toolbar (CyberDefender Corporation)-->C:\Documents and Settings\Tom Moore\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NASA World Wind 1.3-->"C:\Program Files\NASA\World Wind 1.3\Uninstall_World_Wind_1.3.exe"
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#7
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the full log.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Tom Moore at 2008-12-13 10:29:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (15%) free of 89 GB
Total RAM: 1015 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:37 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tom Moore\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Tom Moore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: vtUnmJDU - vtUnmJDU.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca74e23c752) (gupdate1c95ca74e23c752) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (TMOORESCHOOL-Tom Moore).job
C:\WINDOWS\tasks\Norton Security Scan for Tom Moore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}]
McBrwHelper Class - c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-07-26 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-02 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-02 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-24 729178]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-10 169984]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-06-02 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-06-23 85696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-03 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"SDPhotoBar.exe"=C:\SMARTD~2\SDPhotoBar.exe [2003-01-10 192512]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-10-30 392832]
"DellSupport-"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-13 1809648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL jasyki.dll etghfj.dll c:\windows\system32\sovaroda.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnmJDU]
vtUnmJDU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\My Documents\Downloads\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe"="C:\Documents and Settings\Tom Moore\Desktop\wowclient-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924c159c-7d57-11da-b3a0-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdbc732c-ea1c-11db-b474-00142291bfd1}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 3 months======

2008-12-08 18:52:41 ----D---- C:\WINDOWS\ERDNT
2008-12-08 17:42:42 ----D---- C:\VundoFix Backups
2008-12-07 02:28:46 ----A---- C:\WINDOWS\st_affiliate.ini
2008-12-06 18:14:32 ----D---- C:\_OTMoveIt
2008-12-06 18:12:06 ----D---- C:\Program Files\trend micro
2008-12-06 18:12:02 ----D---- C:\rsit
2008-12-06 13:53:58 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Malwarebytes
2008-12-06 13:53:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-06 13:53:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 12:59:01 ----D---- C:\_OTScanIt
2008-12-04 22:25:34 ----SH---- C:\WINDOWS\system32\orewotek.ini
2008-12-04 05:40:23 ----SH---- C:\WINDOWS\system32\egojavet.ini
2008-12-03 20:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:59 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-03 20:11:59 ----D---- C:\Documents and Settings\Tom Moore\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 17:39:29 ----SH---- C:\WINDOWS\system32\luhuwuji.exe
2008-12-03 02:38:41 ----SH---- C:\WINDOWS\system32\dewegabu.exe
2008-12-02 22:35:24 ----A---- C:\VundoFix.txt
2008-12-02 22:17:57 ----D---- C:\Program Files\Common Files\xing shared
2008-12-02 21:37:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:20:38 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 21:20:38 ----D---- C:\Documents and Settings\Tom Moore\Application Data\PC Tools
2008-12-02 21:12:34 ----D---- C:\Program Files\Norton Security Scan
2008-12-02 21:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-01 21:11:26 ----ASH---- C:\WINDOWS\system32\sslqktqg.ini
2008-12-01 21:10:45 ----A---- C:\WINDOWS\system32\57f6a6d9-.txt
2008-12-01 21:09:50 ----ASH---- C:\WINDOWS\system32\Hilopqru.ini2
2008-12-01 21:09:50 ----ASH---- C:\WINDOWS\system32\Hilopqru.ini
2008-12-01 21:05:30 ----A---- C:\WINDOWS\system32\g60.exe
2008-12-01 21:05:17 ----SHD---- C:\WINDOWS\VG9tIE1vb3Jl
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\uv9
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\ki3
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\hov
2008-12-01 21:04:42 ----D---- C:\WINDOWS\system32\bin
2008-12-01 21:04:41 ----D---- C:\WINDOWS\system32\VC
2008-11-13 09:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 09:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 09:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-12 01:00:01 ----D---- C:\WINDOWS\Prefetch
2008-10-12 00:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 00:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 00:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 00:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 00:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 00:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-12 00:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 00:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 00:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 00:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 00:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 00:01:46 ----D---- C:\WINDOWS\system32\scripting
2008-10-12 00:01:44 ----D---- C:\WINDOWS\l2schemas
2008-10-12 00:01:42 ----D---- C:\WINDOWS\system32\en
2008-10-12 00:01:41 ----D---- C:\WINDOWS\system32\bits
2008-10-11 23:53:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-11 23:33:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-09 22:01:49 ----D---- C:\Program Files\iTunes
2008-10-09 22:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 21:59:37 ----D---- C:\Program Files\Bonjour
2008-10-09 21:58:19 ----D---- C:\Program Files\QuickTime
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-09 21:38:26 ----A---- C:\WINDOWS\system32\java.exe
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-18 21:16:35 ----SHD---- C:\Config.Msi
2008-09-15 07:10:10 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Viewpoint

======List of files/folders modified in the last 3 months======

2008-12-13 10:23:05 ----D---- C:\Program Files
2008-12-13 10:22:40 ----D---- C:\WINDOWS
2008-12-13 10:22:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 10:22:35 ----RSD---- C:\WINDOWS\assembly
2008-12-13 10:20:22 ----D---- C:\WINDOWS\Temp
2008-12-13 10:19:55 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-13 10:19:50 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-13 10:18:08 ----D---- C:\WINDOWS\Registration
2008-12-13 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 17:21:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 17:17:29 ----D---- C:\Program Files\Google
2008-12-12 17:16:55 ----SHD---- C:\WINDOWS\Installer
2008-12-12 17:16:40 ----SD---- C:\WINDOWS\Tasks
2008-12-09 21:59:02 ----D---- C:\WINDOWS\system32
2008-12-08 19:14:55 ----D---- C:\Program Files\Azureus
2008-12-08 17:45:27 ----A---- C:\WINDOWS\win.ini
2008-12-07 02:23:18 ----HD---- C:\WINDOWS\inf
2008-12-06 18:17:37 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-06 11:51:08 ----SHD---- C:\WINDOWS\CSC
2008-12-04 08:57:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 20:11:16 ----D---- C:\Program Files\Common Files
2008-12-03 18:58:45 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 18:53:01 ----D---- C:\WINDOWS\WinSxS
2008-12-03 18:51:34 ----D---- C:\Program Files\Internet Explorer
2008-12-03 18:47:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 22:17:50 ----D---- C:\Program Files\Common Files\Real
2008-12-02 22:17:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-02 22:17:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-02 22:17:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-02 22:17:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-02 22:17:27 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-02 21:12:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-01 21:04:52 ----D---- C:\temp
2008-12-01 20:48:42 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Azureus
2008-11-24 20:16:48 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-22 17:35:05 ----D---- C:\WINDOWS\Help
2008-11-15 11:24:36 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Move Networks
2008-11-13 09:03:13 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 09:02:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 20:09:50 ----D---- C:\Documents and Settings\Tom Moore\Application Data\Adobe
2008-11-01 13:04:56 ----D---- C:\Documents and Settings\Tom Moore\Application Data\EndNote
2008-11-01 13:04:37 ----D---- C:\Program Files\EndNote
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 10:09:44 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-12 01:01:08 ----A---- C:\WINDOWS\setuplog.txt
2008-10-12 00:59:01 ----D---- C:\WINDOWS\system32\Setup
2008-10-12 00:59:01 ----D---- C:\WINDOWS\ime
2008-10-12 00:59:01 ----D---- C:\WINDOWS\AppPatch
2008-10-12 00:58:58 ----D---- C:\WINDOWS\system32\wbem
2008-10-12 00:58:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-12 00:57:50 ----D---- C:\WINDOWS\security
2008-10-12 00:18:01 ----D---- C:\Program Files\Messenger
2008-10-12 00:02:41 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-12 00:02:40 ----D---- C:\WINDOWS\network diagnostic
2008-10-12 00:01:49 ----D---- C:\WINDOWS\system32\usmt
2008-10-12 00:01:49 ----D---- C:\WINDOWS\system32\en-US
2008-10-12 00:01:41 ----D---- C:\WINDOWS\PeerNet
2008-10-12 00:01:41 ----D---- C:\Program Files\Movie Maker
2008-10-11 23:53:32 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 23:53:31 ----D---- C:\WINDOWS\system32\npp
2008-10-11 23:53:31 ----D---- C:\WINDOWS\mui
2008-10-11 23:53:29 ----D---- C:\WINDOWS\msagent
2008-10-11 23:53:27 ----D---- C:\WINDOWS\srchasst
2008-10-11 23:53:25 ----D---- C:\Program Files\NetMeeting
2008-10-11 23:53:23 ----D---- C:\WINDOWS\system32\Com
2008-10-11 23:53:18 ----D---- C:\Program Files\Windows NT
2008-10-11 23:53:17 ----D---- C:\Program Files\Outlook Express
2008-10-11 23:53:12 ----D---- C:\Program Files\Common Files\System
2008-10-11 23:52:12 ----D---- C:\WINDOWS\system32\oobe
2008-10-11 23:51:58 ----D---- C:\WINDOWS\system
2008-10-11 23:41:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-11 23:33:19 ----D---- C:\WINDOWS\ehome
2008-10-09 22:02:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-09 22:01:53 ----D---- C:\Program Files\iPod
2008-10-09 21:58:29 ----D---- C:\Program Files\Common Files\Apple
2008-10-09 21:38:25 ----D---- C:\Program Files\Java
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-18 21:17:41 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-12-03 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-12-03 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-05 21425]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-08-26 28672]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-24 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-02-08 5185]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 156288]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-06-02 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-06-02 161392]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-04-07 1421336]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-06-23 19648]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-02 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-12-03 1079176]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-06-23 1715904]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c95ca74e23c752;Google Update Service (gupdate1c95ca74e23c752); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-12 119280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-06-02 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windo

Attached Files

  • Attached File  log.txt   48.19KB   197 downloads

Edited by mtrigact, 13 December 2008 - 02:47 PM.

  • 0

#8
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact,


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt and a new HijackThis log in your next reply for further review.
  • 0

#9
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the two logs. I am going to post them in text and also upload them so if they get cut off again you will have them. Thanks for your help with this.

T




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:07 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca74e23c752) (gupdate1c95ca74e23c752) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13337 bytes


ComboFix 08-12-13.03 - Tom Moore 2008-12-13 17:49:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.409 [GMT -5:00]
Running from: c:\documents and settings\Tom Moore\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Moore\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\bin
c:\windows\system32\bszip.dll
c:\windows\system32\egojavet.ini
c:\windows\system32\Hilopqru.ini
c:\windows\system32\Hilopqru.ini2
c:\windows\system32\ki3
c:\windows\system32\orewotek.ini
c:\windows\system32\sslqktqg.ini
c:\windows\system32\uv9
c:\windows\system32\VC

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-08 17:42 . 2008-12-08 17:42 <DIR> d-------- C:\VundoFix Backups
2008-12-07 02:28 . 2008-12-07 02:28 77 --a------ c:\windows\st_affiliate.ini
2008-12-06 18:14 . 2008-12-06 18:14 <DIR> d-------- C:\_OTMoveIt
2008-12-06 18:12 . 2008-12-13 10:29 <DIR> d-------- C:\rsit
2008-12-06 18:12 . 2008-12-08 19:18 <DIR> d-------- c:\program files\trend micro
2008-12-06 13:53 . 2008-12-08 18:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-06 13:53 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\Malwarebytes
2008-12-06 13:53 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-06 13:53 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 13:53 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 12:59 . 2008-12-06 12:59 <DIR> d-------- C:\_OTScanIt
2008-12-03 20:12 . 2008-12-03 20:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11 . 2008-12-13 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-03 20:11 . 2008-12-03 20:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 20:11 . 2008-12-03 20:11 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\SUPERAntiSpyware.com
2008-12-03 17:39 . 2008-12-03 17:39 2,713 ---hs---- c:\windows\system32\luhuwuji.exe
2008-12-03 02:38 . 2008-12-03 02:38 2,713 ---hs---- c:\windows\system32\dewegabu.exe
2008-12-02 22:17 . 2008-12-02 22:17 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-02 21:37 . 2008-12-13 10:23 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 21:20 . 2008-12-13 01:24 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-02 21:20 . 2008-12-02 21:20 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\PC Tools
2008-12-02 21:20 . 2008-12-03 20:03 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 21:20 . 2008-12-03 20:03 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 21:20 . 2008-12-03 20:03 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 21:20 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-02 21:12 . 2008-12-02 21:15 <DIR> d-------- c:\program files\Norton Security Scan
2008-12-02 21:06 . 2008-12-13 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-01 21:05 . 2008-12-02 08:39 <DIR> d--hs---- c:\windows\VG9tIE1vb3Jl
2008-12-01 21:05 . 2008-12-01 21:05 192,604 --a------ c:\windows\system32\g60.exe
2008-12-01 21:04 . 2008-12-09 10:31 <DIR> d-------- c:\windows\system32\hov

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 23:08 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-12 22:17 --------- d-----w c:\program files\Google
2008-12-09 00:14 --------- d-----w c:\program files\Azureus
2008-12-03 03:17 --------- d-----w c:\program files\Common Files\Real
2008-12-03 02:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-02 01:48 --------- d-----w c:\documents and settings\Tom Moore\Application Data\Azureus
2008-11-15 16:24 --------- d-----w c:\documents and settings\Tom Moore\Application Data\Move Networks
2008-11-01 18:04 --------- d-----w c:\program files\EndNote
2008-11-01 18:04 --------- d-----w c:\documents and settings\Tom Moore\Application Data\EndNote
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2006-11-18 18:18 35,888 ----a-w c:\documents and settings\Tom Moore\Application Data\GDIPFONTCACHEV1.DAT
2006-07-07 21:17 56 --sh--r c:\windows\system32\84F673CE77.sys
2006-07-07 21:17 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SDPhotoBar.exe"="c:\smartd~2\SDPhotoBar.exe" [2003-01-10 192512]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
"DellSupport-"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-13 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-10 169984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"PMX Daemon"="ICO.EXE" [2006-06-09 c:\windows\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-12-02 136768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-01-04 49254]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-01-04 1425424]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-27 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-13 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-12-12 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S2 gupdate1c95ca74e23c752;Google Update Service (gupdate1c95ca74e23c752);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-12 119280]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2005-06-23 124608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924c159c-7d57-11da-b3a0-00038a000015}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdbc732c-ea1c-11db-b474-00142291bfd1}]
\Shell\AutoRun\command - E:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 17:16]

2008-12-12 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (TMOORESCHOOL-Tom Moore).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-12-03 c:\windows\Tasks\Norton Security Scan for Tom Moore.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Notify-vtUnmJDU - vtUnmJDU.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 19:08:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-13 19:15:03 - machine was rebooted [Tom Moore]
ComboFix-quarantined-files.txt 2008-12-14 00:14:38

Pre-Run: 13,409,017,856 bytes free
Post-Run: 13,329,514,496 bytes free

232 --- E O F --- 2008-11-13 14:07:05

Attached Files


  • 0

#10
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\luhuwuji.exe
c:\windows\system32\dewegabu.exe
c:\windows\system32\g60.exe

Folder::
c:\windows\VG9tIE1vb3Jl
c:\windows\system32\hov

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

Advertisements


#11
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Jimmy2012 -

Here's the latest scans. I also added them as attachments. Hope it is helpful. Thanks so much.

T




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:54 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\SMARTD~2\SDPhotoBar.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169263919712
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca74e23c752) (gupdate1c95ca74e23c752) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13266 bytes



ComboFix 08-12-13.03 - Tom Moore 2008-12-13 23:14:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.473 [GMT -5:00]
Running from: c:\documents and settings\Tom Moore\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Moore\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\dewegabu.exe
c:\windows\system32\g60.exe
c:\windows\system32\luhuwuji.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dewegabu.exe
c:\windows\system32\g60.exe
c:\windows\system32\hov
c:\windows\system32\luhuwuji.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-08 17:42 . 2008-12-08 17:42 <DIR> d-------- C:\VundoFix Backups
2008-12-07 02:28 . 2008-12-07 02:28 77 --a------ c:\windows\st_affiliate.ini
2008-12-06 18:14 . 2008-12-06 18:14 <DIR> d-------- C:\_OTMoveIt
2008-12-06 18:12 . 2008-12-13 10:29 <DIR> d-------- C:\rsit
2008-12-06 18:12 . 2008-12-08 19:18 <DIR> d-------- c:\program files\trend micro
2008-12-06 13:53 . 2008-12-08 18:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-06 13:53 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\Malwarebytes
2008-12-06 13:53 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-06 13:53 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 13:53 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 12:59 . 2008-12-06 12:59 <DIR> d-------- C:\_OTScanIt
2008-12-03 20:12 . 2008-12-03 20:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 20:11 . 2008-12-13 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-03 20:11 . 2008-12-03 20:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 20:11 . 2008-12-03 20:11 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\SUPERAntiSpyware.com
2008-12-02 22:17 . 2008-12-02 22:17 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-02 21:37 . 2008-12-13 10:23 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 21:20 . 2008-12-13 01:24 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-02 21:20 . 2008-12-02 21:20 <DIR> d-------- c:\documents and settings\Tom Moore\Application Data\PC Tools
2008-12-02 21:20 . 2008-12-03 20:03 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 21:20 . 2008-12-03 20:03 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 21:20 . 2008-12-03 20:03 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 21:20 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-02 21:12 . 2008-12-02 21:15 <DIR> d-------- c:\program files\Norton Security Scan
2008-12-02 21:06 . 2008-12-13 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-01 21:05 . 2008-12-02 08:39 <DIR> d--hs---- c:\windows\VG9tIE1vb3Jl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 04:08 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-12 22:17 --------- d-----w c:\program files\Google
2008-12-09 00:14 --------- d-----w c:\program files\Azureus
2008-12-03 03:17 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-03 03:17 --------- d-----w c:\program files\Common Files\Real
2008-12-03 02:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-02 01:48 --------- d-----w c:\documents and settings\Tom Moore\Application Data\Azureus
2008-11-15 16:24 --------- d-----w c:\documents and settings\Tom Moore\Application Data\Move Networks
2008-11-01 18:04 --------- d-----w c:\program files\EndNote
2008-11-01 18:04 --------- d-----w c:\documents and settings\Tom Moore\Application Data\EndNote
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2006-11-18 18:18 35,888 ----a-w c:\documents and settings\Tom Moore\Application Data\GDIPFONTCACHEV1.DAT
2006-07-07 21:17 56 --sh--r c:\windows\system32\84F673CE77.sys
2006-07-07 21:17 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069440.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe
2008-12-02 21:30 38052 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069441.exe

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069443.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.exe
2008-12-01 21:04 147112 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069320.exe

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP10.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069444.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP11.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069445.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069446.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP13.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069447.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP14.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069448.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP15.dll
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069449.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP16.dll
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069450.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP17.dll
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069451.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP18.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069452.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP19.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069453.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069454.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.exe
2008-12-01 21:05 551148 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069332.exe

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP20.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069455.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP21.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069456.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP22.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069457.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP23.DLL
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069458.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP24.dll
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069459.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP25.dll
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069460.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP26.dll
2008-12-02 21:09 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069461.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069462.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069463.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.DLL
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069464.DLL

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.dll
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069465.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.dll
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069466.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP8.dll
2008-12-02 20:46 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069467.dll

c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP9.DLL
2008-12-02 20:56 0 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069468.DLL

c:\documents and settings\Tom Moore\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2008-06-10 20:09 10134 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069839.exe

c:\documents and settings\Tom Moore\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2008-06-10 20:09 8854 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069840.exe

c:\documents and settings\Tom Moore\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2008-06-10 20:09 40960 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069841.exe

2008-12-03 20:07 15870152 c:\documents and settings\Tom Moore\Desktop\InstallCyberDefenderEDC-294608.exe
2008-12-03 20:07 15870152 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071217.exe

c:\documents and settings\Tom Moore\Desktop\mbam-setup.exe
2008-12-06 13:20 2538616 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072323.exe

2008-12-03 20:05 5738016 c:\documents and settings\Tom Moore\Desktop\SUPERAntiSpyware.exe
2008-12-03 20:05 5738016 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071218.exe

c:\documents and settings\Tom Moore\Local Settings\Application Data\CyberDefender\cdmyidd.dll
2008-12-07 01:40 3958088 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072344.dll

c:\program files\Azureus\aereg.dll
2006-02-23 14:50 69632 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072357.dll

c:\program files\Azureus\Azureus.exe
2006-02-23 12:43 155648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072352.exe

c:\program files\Azureus\swt-awt-win32-3139.dll
2005-09-29 11:05 32768 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072354.dll

c:\program files\Azureus\swt-gdip-win32-3139.dll
2005-09-29 11:05 69632 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072355.dll

c:\program files\Azureus\swt-win32-3139.dll
2005-09-29 11:05 315392 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP764\A0072353.dll

2008-12-02 22:17 90112 c:\program files\Common Files\Real\Codecs\atrc.dll
2006-03-10 19:06 77889 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069655.dll

2008-12-02 22:17 77824 c:\program files\Common Files\Real\Codecs\cook.dll
2006-03-10 19:06 65602 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069654.dll

2008-12-02 22:17 106496 c:\program files\Common Files\Real\Codecs\drv1.dll
2006-03-10 19:06 102464 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069658.dll

2008-12-02 22:17 180224 c:\program files\Common Files\Real\Codecs\drv2.dll
2006-03-10 19:06 176195 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069659.dll

2008-12-02 22:17 286720 c:\program files\Common Files\Real\Codecs\drvc.dll
2006-03-10 19:06 327749 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069660.dll

2008-12-02 22:17 557056 c:\program files\Common Files\Real\Codecs\raac.dll
2006-03-10 19:06 553036 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069653.dll

2008-12-02 22:17 35328 c:\program files\Common Files\Real\Codecs\rv10.dll
2006-03-10 19:06 49216 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069661.dll

2008-12-02 22:17 57344 c:\program files\Common Files\Real\Codecs\rv20.dll
2006-03-10 19:06 57411 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069662.dll

2008-12-02 22:17 53248 c:\program files\Common Files\Real\Codecs\rv30.dll
2006-03-10 19:06 49221 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069663.dll

2008-12-02 22:17 49152 c:\program files\Common Files\Real\Codecs\rv40.dll
2006-03-10 19:06 49221 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069664.dll

2008-12-02 22:17 139264 c:\program files\Common Files\Real\Codecs\sipr.dll
2006-03-10 19:06 106561 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069652.dll

2008-12-02 22:17 163840 c:\program files\Common Files\Real\Common\objb3201.dll
2006-03-10 19:06 172077 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069688.dll

2008-12-02 22:17 1486848 c:\program files\Common Files\Real\Common\pnen3260.dll
2006-03-10 19:05 1306675 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069489.dll

2008-12-02 22:17 413696 c:\program files\Common Files\Real\Common\pngu3267.dll
2006-03-10 19:05 421927 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069560.dll

2008-12-02 22:17 12800 c:\program files\Common Files\Real\Common\pnrs3260.dll
2006-03-10 19:05 28717 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069561.dll

2008-12-02 22:17 147456 c:\program files\Common Files\Real\Common\rjbviz.dll
2006-03-10 19:06 147497 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069682.dll

2008-12-02 22:17 12288 c:\program files\Common Files\Real\Common\rppr3260.dll
2006-03-10 19:05 28715 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069557.dll

2008-12-02 22:18 26112 c:\program files\Common Files\Real\Common\rpun3260.dll
2006-03-10 19:07 36909 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069484.dll

2008-12-02 22:17 30208 c:\program files\Common Files\Real\Common\security.dll
2006-03-10 19:06 45103 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069743.dll

2008-12-02 22:17 81920 c:\program files\Common Files\Real\Common\twebbrowse.dll
2006-03-10 19:05 81969 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069528.dll

2008-12-02 22:17 110592 c:\program files\Common Files\Real\GToolbar\barcontrol.dll
2006-03-10 19:06 102400 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069695.dll

2008-12-02 22:17 77824 c:\program files\Common Files\Real\Plugins\aacff.dll
2006-03-10 19:06 69689 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069700.dll

2008-12-02 22:17 135168 c:\program files\Common Files\Real\Plugins\audplin.dll
2006-03-10 19:06 86075 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069714.dll

2008-12-02 22:17 45056 c:\program files\Common Files\Real\Plugins\authmgr.dll
2006-03-10 19:05 49207 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069507.dll

2008-12-02 22:17 17408 c:\program files\Common Files\Real\Plugins\cdda3260.dll
2006-03-10 19:05 36909 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069506.dll

2008-12-02 22:17 25088 c:\program files\Common Files\Real\Plugins\clbascauth.dll
2006-03-10 19:05 41023 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069505.dll

2008-12-02 22:17 44032 c:\program files\Common Files\Real\Plugins\clntxres.dll
2006-03-10 19:05 53296 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069485.dll

2008-12-02 22:17 73728 c:\program files\Common Files\Real\Plugins\cont3260.dll
2006-03-10 19:06 69677 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069711.dll

2008-12-02 22:18 233472 c:\program files\Common Files\Real\Plugins\fpsechnd.dll
2006-03-10 19:07 233472 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069776.dll

2008-12-02 22:17 204800 c:\program files\Common Files\Real\Plugins\httpfsys.dll
2006-03-10 19:05 172084 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069504.dll

2008-12-02 22:17 49152 c:\program files\Common Files\Real\Plugins\hxsdp.dll
2006-03-10 19:05 41006 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069503.dll

2008-12-02 22:17 90112 c:\program files\Common Files\Real\Plugins\hxxml.dll
2006-03-10 19:06 86065 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069683.dll

2008-12-02 22:17 507904 c:\program files\Common Files\Real\Plugins\imgrender.dll
2006-03-10 19:06 528445 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069672.dll

2008-12-02 22:17 86016 c:\program files\Common Files\Real\Plugins\memfsys.dll
2006-03-10 19:05 77877 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069502.dll

2008-12-02 22:17 53248 c:\program files\Common Files\Real\Plugins\mp3fformat.dll
2006-03-10 19:06 45118 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069680.dll

2008-12-02 22:17 69632 c:\program files\Common Files\Real\Plugins\mp3metaff.dll
2006-03-10 19:06 65596 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069681.dll

2008-12-02 22:17 163840 c:\program files\Common Files\Real\Plugins\mp3render.dll
2006-03-10 19:06 151614 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069679.dll

2008-12-02 22:17 135168 c:\program files\Common Files\Real\Plugins\mp4arender.dll
2006-03-10 19:06 127045 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069699.dll

2008-12-02 22:17 90112 c:\program files\Common Files\Real\Plugins\mp4fformat.dll
2006-03-10 19:06 73790 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069698.dll

2008-12-02 22:17 122880 c:\program files\Common Files\Real\Plugins\mp4wrtr.dll
2006-03-10 19:06 98366 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069721.dll

2008-12-02 22:17 69632 c:\program files\Common Files\Real\Plugins\mpgfformat.dll
2006-03-10 19:06 69694 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069717.dll

2008-12-02 22:17 184320 c:\program files\Common Files\Real\Plugins\mpgrender.dll
2006-03-10 19:06 172094 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069716.dll

2008-12-02 22:17 29184 c:\program files\Common Files\Real\Plugins\ntlmauth.dll
2006-03-10 19:05 45116 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069501.dll

2008-12-02 22:17 364544 c:\program files\Common Files\Real\Plugins\pacplin.dll
2006-03-10 19:05 360501 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069500.dll

2008-12-02 22:18 65536 c:\program files\Common Files\Real\Plugins\pdgenxferfsys.dll
2006-03-10 19:07 73783 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069788.dll

2008-12-02 22:17 73728 c:\program files\Common Files\Real\Plugins\plusplin.dll
2006-03-10 19:05 57398 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069499.dll

2008-12-02 22:17 24064 c:\program files\Common Files\Real\Plugins\pxcb3210.dll
2006-03-10 19:05 41003 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069498.dll

2008-12-02 22:17 31744 c:\program files\Common Files\Real\Plugins\ramfformat.dll
2006-03-10 19:05 45118 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069497.dll

2008-12-02 22:17 77824 c:\program files\Common Files\Real\Plugins\ramrender.dll
2006-03-10 19:05 57406 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069496.dll

2008-12-02 22:17 159744 c:\program files\Common Files\Real\Plugins\rarender.dll
2006-03-10 19:06 151618 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069656.dll

2008-12-02 22:17 19968 c:\program files\Common Files\Real\Plugins\recf3260.dll
2006-03-10 19:06 36909 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069712.dll

2008-12-02 22:17 184320 c:\program files\Common Files\Real\Plugins\rmfformat.dll
2006-03-10 19:05 176191 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069495.dll

2008-12-02 22:17 278528 c:\program files\Common Files\Real\Plugins\rmwrtr.dll
2006-03-10 19:06 282684 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069720.dll

2008-12-02 22:18 35328 c:\program files\Common Files\Real\Plugins\rmxfpln.dll
2006-03-10 19:06 65579 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069750.dll

2008-12-02 22:17 90112 c:\program files\Common Files\Real\Plugins\rmxrend.dll
2006-03-10 19:06 106538 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069741.dll

2008-12-02 22:17 53248 c:\program files\Common Files\Real\Plugins\rn5auth.dll
2006-03-10 19:05 45114 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069494.dll

2008-12-02 22:17 114688 c:\program files\Common Files\Real\Plugins\rtfformat.dll
2006-03-10 19:06 110657 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069671.dll

2008-12-02 22:17 135168 c:\program files\Common Files\Real\Plugins\rtrender.dll
2006-03-10 19:06 122942 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069670.dll

2008-12-02 22:17 159744 c:\program files\Common Files\Real\Plugins\rvrender.dll
2006-03-10 19:06 172096 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069657.dll

2008-12-02 22:17 49152 c:\program files\Common Files\Real\Plugins\sdpplin.dll
2006-03-10 19:06 45111 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069676.dll

2008-12-02 22:17 30208 c:\program files\Common Files\Real\Plugins\security.dll
2006-03-10 19:06 45103 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069742.dll

2008-12-02 22:17 61440 c:\program files\Common Files\Real\Plugins\smlfformat.dll
2006-03-10 19:05 61503 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069493.dll

2008-12-02 22:17 520192 c:\program files\Common Files\Real\Plugins\smlrender.dll
2006-03-10 19:05 528444 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069492.dll

2008-12-02 22:17 61440 c:\program files\Common Files\Real\Plugins\smmrender.dll
2006-03-10 19:05 57412 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069491.dll

2008-12-02 22:17 86016 c:\program files\Common Files\Real\Plugins\smplfsys.dll
2006-03-10 19:05 69685 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069488.dll

2008-12-02 22:17 17920 c:\program files\Common Files\Real\Plugins\stubdrm.dll
2006-03-10 19:06 32818 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069675.dll

2008-12-02 22:17 114688 c:\program files\Common Files\Real\Plugins\swfformat.dll
2006-03-10 19:06 94274 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069666.dll

2008-12-02 22:17 630784 c:\program files\Common Files\Real\Plugins\swfrender.dll
2006-03-10 19:06 614464 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069665.dll

2008-12-02 22:18 57344 c:\program files\Common Files\Real\Plugins\tfilesys.dll
2006-03-10 19:06 57389 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069749.dll

2008-12-02 22:17 176128 c:\program files\Common Files\Real\Plugins\vidplin.dll
2006-03-10 19:06 167995 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069715.dll

2008-12-02 22:17 376832 c:\program files\Common Files\Real\Plugins\vidsite.dll
2006-03-10 19:05 376881 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069490.dll

2008-12-02 22:17 172032 c:\program files\Common Files\Real\Plugins\wm9fformat.dll
2006-03-10 19:06 176128 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069707.dll

2008-12-02 22:17 14848 c:\program files\Common Files\Real\Plugins\wm9writer.dll
2006-03-10 19:06 28719 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069706.dll

2008-12-02 22:17 172032 c:\program files\Common Files\Real\Plugins\wmsechnd.dll
2006-03-10 19:06 180224 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069704.dll

2008-12-02 22:17 167936 c:\program files\Common Files\Real\Plugins\zipf3260.dll
2006-03-10 19:05 172075 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069487.dll

2008-12-02 22:17 139264 c:\program files\Common Files\Real\RCAPlugins\gct23201.dll
2006-03-10 19:06 151597 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069687.dll

2008-12-02 22:17 77824 c:\program files\Common Files\Real\RCAPlugins\gema3201.dll
2006-03-10 19:06 90158 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069690.dll

2008-12-02 22:17 450560 c:\program files\Common Files\Real\RCAPlugins\gemx3201.dll
2006-03-10 19:06 438318 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069689.dll

2008-12-02 22:17 102400 c:\program files\Common Files\Real\RCAPlugins\locd3210.dll
2006-03-10 19:06 102441 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069710.dll

2008-12-02 22:17 724992 c:\program files\Common Files\Real\RCAPlugins\rpcontrols1.dll
2006-03-10 19:06 733230 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069685.dll

2008-12-02 22:17 647168 c:\program files\Common Files\Real\RCAPlugins\rpcontrols2.dll
2006-03-10 19:06 667694 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069684.dll

2008-12-02 22:17 348160 c:\program files\Common Files\Real\RCAPlugins\sonr3210.dll
2006-03-10 19:06 196667 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069713.dll

2008-12-02 22:17 389120 c:\program files\Common Files\Real\RCAPlugins\uisy3201.dll
2006-03-10 19:06 426027 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069686.dll

2008-12-02 22:17 57344 c:\program files\Common Files\Real\RCAPlugins\xmlc3201.dll
2006-03-10 19:06 53294 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069691.dll

2008-12-02 22:17 368640 c:\program files\Common Files\Real\Update_OB\faus3270.dll
2006-03-10 19:05 385063 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069477.dll

2008-12-02 22:17 24064 c:\program files\Common Files\Real\Update_OB\pnmi3270.dll
2006-03-10 19:05 36909 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069478.dll

2008-12-02 22:17 192512 c:\program files\Common Files\Real\Update_OB\r1puninst.exe
2006-03-10 19:05 184366 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069471.exe

2008-12-02 22:17 69632 c:\program files\Common Files\Real\Update_OB\realonemessagecenter.exe
2006-03-10 19:05 69688 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069481.exe

2008-12-02 22:17 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
2006-03-10 19:05 180269 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069480.exe

2008-12-02 22:17 98304 c:\program files\Common Files\Real\Update_OB\rnad3201.dll
2006-03-10 19:05 98347 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069479.dll

2008-12-02 22:17 319488 c:\program files\Common Files\Real\Update_OB\rnms3270.dll
2006-03-10 19:05 327719 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069483.dll

2008-12-02 22:17 303104 c:\program files\Common Files\Real\Update_OB\rnqu3270.dll
2006-03-10 19:05 303147 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069476.dll

2008-12-02 22:17 176128 c:\program files\Common Files\Real\Update_OB\rnup3270.dll
2006-03-10 19:05 167979 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069475.dll

2008-12-02 22:17 58952 c:\program files\Common Files\Real\Update_OB\rnxproc.exe
2006-03-10 19:05 53291 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069482.exe

2008-12-02 22:17 311296 c:\program files\Common Files\Real\Update_OB\setu3270.dll
2006-03-10 19:05 294955 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069472.dll

2008-12-02 22:17 323584 c:\program files\Common Files\Real\Update_OB\upgr3270.dll
2006-03-10 19:05 335917 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069474.dll

2008-12-02 22:17 136768 c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
2006-03-10 19:05 127021 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0069473.exe

2008-09-17 03:00 99376 c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069345.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP768\A0072624.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\CCERASER.DLL
2008-11-20 04:00 2393648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069402.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\ECMSVR32.DLL
2008-11-20 04:00 259368 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069404.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\eeCtrl.sys
2008-09-17 03:00 371248 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069405.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\eraser.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069407.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\NAVENG.SYS
2008-11-20 04:00 89104 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069408.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\NAVENG32.DLL
2008-11-20 04:00 177520 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069410.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\NAVEX15.SYS
2008-11-20 04:00 876112 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069411.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081129.002\NAVEX32A.DLL
2008-11-20 04:00 1181040 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP755\A0069413.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\CCERASER.DLL
2008-11-20 04:00 2393648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069866.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\ECMSVR32.DLL
2008-11-20 04:00 259368 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069868.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\eeCtrl.sys
2008-09-17 03:00 371248 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069869.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\eraser.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069871.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\NAVENG.SYS
2008-11-20 04:00 89104 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069872.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\NAVENG32.DLL
2008-11-20 04:00 177520 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069874.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\NAVEX15.SYS
2008-11-20 04:00 876112 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069875.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081130.004\NAVEX32A.DLL
2008-11-20 04:00 1181040 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP758\A0069877.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\CCERASER.DLL
2008-11-20 04:00 2393648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071198.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\ECMSVR32.DLL
2008-11-20 04:00 259368 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071200.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\eeCtrl.sys
2008-09-17 03:00 371248 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071201.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\eraser.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071203.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\NAVENG.SYS
2008-11-20 04:00 89104 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071204.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\NAVENG32.DLL
2008-11-20 04:00 177520 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071206.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\NAVEX15.SYS
2008-11-20 04:00 876112 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071207.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081202.004\NAVEX32A.DLL
2008-11-20 04:00 1181040 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP762\A0071209.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\CCERASER.DLL
2008-11-20 04:00 2393648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072300.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\ECMSVR32.DLL
2008-11-20 04:00 259368 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072302.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\eeCtrl.sys
2008-09-17 03:00 371248 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072303.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\eraser.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072305.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\NAVENG.SYS
2008-11-20 04:00 89104 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072306.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\NAVENG32.DLL
2008-11-20 04:00 177520 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072308.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\NAVEX15.SYS
2008-11-20 04:00 876112 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072309.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20081203.004\NAVEX32A.DLL
2008-11-20 04:00 1181040 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP763\A0072311.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081206.003\CCERASER.DLL
2008-11-20 04:00 2393648 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP765\A0072370.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081206.003\ECMSVR32.DLL
2008-11-20 04:00 259368 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP765\A0072372.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20081206.003\eeCtrl.sys
2008-09-17 03:00 371248 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP765\A0072373.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081206.003\eraser.sys
2008-09-17 03:00 99376 {129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP765\A0072375.sys

c:\program files\Common Files\Symantec Shared\VirusDefs\20081206.003\NAVEN

Attached Files


  • 0

#12
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact,

STEP 1
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    c:\windows\VG9tIE1vb3Jl
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

STEP 2
  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
~~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt3 log
And the Malwarebytes log
  • 0

#13
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the two logs. Nothing came up on the MBAM scan. Thanks for walking me through this.

T

Malwarebytes' Anti-Malware 1.31
Database version: 1500
Windows 5.1.2600 Service Pack 3

12/14/2008 12:27:06 PM
mbam-log-2008-12-14 (12-27-06).txt

Scan type: Quick Scan
Objects scanned: 56862
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\VG9tIE1vb3Jl moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12142008_112516

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Attached Files


  • 0

#14
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mtrigact,

Thanks for walking me through this.

No problem. :)




Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#15
mtrigact

mtrigact

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the Kaspersky scan. Thanks.

T



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 12:51:47
Records in database: 1460602
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 100030
Threat name: 6
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 02:30:09


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01480000\497C9D43.VBN Infected: Trojan.Win32.Agent.aqyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0000\46BFFD9E.VBN Infected: Virus.Win32.HLLP.Hantaner.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000\493DB3C4.VBN Infected: Trojan.Win32.Agent.aqyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000.VBN Infected: Trojan.Win32.Monder.aaxp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0002.VBN Infected: Trojan.Win32.VB.hfp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15280001.VBN Infected: Trojan.Win32.Agent.aqyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15280002.VBN Infected: Trojan.Win32.Agent.aqyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15280003.VBN Infected: Trojan.Win32.Monder.aaxp 1
C:\Documents and Settings\Tom Moore\Desktop\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g60.exe.vir Infected: Trojan.Win32.Agent.asjk 1
D:\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asv 1

The selected area was scanned.

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP