
"Registry has been blocked by Administrator" and I'm the Admi



#1 msp4345 (Member, 12 posts)
I was told to come here and post my problem here. A virus blocked entry into my registry, and whenever I try to access it this message pops up: "Registry editing has been disabled by your Administrator".
I've searched for solutions, but all I can find are solutions for Windows XP and other systems, but none for VISTA! I have Windows Vista and I need to destroy this virus ASAP.
Thanks.


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello msp4345

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


#3 msp4345 (Topic Starter, Member, 12 posts)
Logfile of random's system information tool 1.05 (written by random/random)
Run by BulldogMateus at 2008-12-20 13:58:24
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 158 GB (69%) free of 230 GB
Total RAM: 2038 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:55 PM, on 12/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\BulldogMateus\Downloads\RSIT.exe
C:\Program Files\trend micro\BulldogMateus.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/p/1.html?_pdb=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: C:\Windows\system32\siejf93.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\BULLDO~1\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\BulldogMateus\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\BULLDO~1\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\BULLDO~1\AppData\Local\Temp\cbxvSLff.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm098MRUS
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.co...otouploader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll (file missing)
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11894 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForBulldogMateus.job
C:\Windows\tasks\User_Feed_Synchronization-{83C9B349-5D4B-4A48-9BC4-5AC871460459}.job
C:\Windows\tasks\User_Feed_Synchronization-{A1385D7D-0555-426E-85E9-18735BB03D56}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL [2008-11-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2008-11-25 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-11 344944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2008-12-13 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604832C897D}]
C:\Windows\system32\siejf93.dll - C:\Windows\system32\siejf93.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2008-11-25 417887]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-11 344944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-11 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2008-11-25 32838]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SetPoint"=C:\Program Files\Logitech\SetPoint\KEM.EXE [2004-07-15 581632]
"jsg8jfgfdfhfhf"=C:\Users\BULLDO~1\AppData\Local\Temp\winlogun.exe []
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe []
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [2008-11-25 24688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2008-11-25 32838]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup []
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-09-15 20480]
"jsg8jfgfdfhfhf"=C:\Users\BulldogMateus\AppData\Local\Temp\winlogun.exe []
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]
"Jnskdfmf9eldfd"=C:\Users\BULLDO~1\AppData\Local\Temp\csrssc.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"MSServer"=C:\Users\BULLDO~1\AppData\Local\Temp\cbxvSLff.dll []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\BulldogMateus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=1
"DisallowRun"=1
"ForceStartMenuLogOff"=1
"Intellimenus"=1
"NoAddPrinter"=0
"NoChangeAnimation"=0
"NoDeletePrinter"=0
"NoDesktop"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=4
"NoFind"=0
"NoInstrumentation"=0
"NoRun"=0
"NoSetFolders"=0
"NoThemesTab"=0
"NoThumbnailCache"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2008-12-20 13:58:26 ----D---- C:\Program Files\trend micro
2008-12-20 13:58:24 ----D---- C:\rsit
2008-12-17 15:41:08 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 23:04:26 ----D---- C:\Program Files\SQ916D
2008-12-16 22:56:12 ----A---- C:\aa.txt
2008-12-16 22:56:04 ----N---- C:\Windows\system32\PTTreeIcons.dll
2008-12-16 22:55:48 ----D---- C:\Program Files\Snap 'n Share
2008-12-13 17:52:47 ----D---- C:\Program Files\The Weather Channel FW
2008-12-13 17:51:46 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Sammsoft
2008-12-13 17:51:38 ----D---- C:\Program Files\Advanced Registry Optimizer
2008-12-13 16:19:18 ----D---- C:\Program Files\Symantec
2008-12-13 16:18:15 ----D---- C:\Program Files\Norton Internet Security
2008-12-13 16:17:32 ----D---- C:\Program Files\NortonInstaller
2008-12-13 16:06:56 ----SHD---- C:\Config.Msi
2008-12-11 16:05:09 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 17:52:19 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 17:52:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 17:52:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 17:51:23 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 17:51:12 ----A---- C:\Windows\explorer.exe
2008-12-10 17:50:51 ----A---- C:\Windows\system32\mf.dll
2008-12-10 17:50:50 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 17:50:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 17:50:49 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 19:22:13 ----A---- C:\Windows\system32\javaws.exe
2008-12-09 19:22:13 ----A---- C:\Windows\system32\deploytk.dll
2008-12-09 19:22:12 ----A---- C:\Windows\system32\javaw.exe
2008-12-09 19:22:12 ----A---- C:\Windows\system32\java.exe
2008-12-08 16:08:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-12-08 16:08:41 ----A---- C:\Windows\system32\ff_vfw.dll
2008-12-08 16:08:39 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-12-08 16:08:37 ----D---- C:\Program Files\ffdshow
2008-12-08 16:04:52 ----D---- C:\Users\BulldogMateus\AppData\Roaming\DivX
2008-12-08 00:38:35 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-25 21:35:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 21:35:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 21:35:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 21:35:24 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 21:35:21 ----A---- C:\Windows\system32\connect.dll
2008-11-23 18:23:39 ----D---- C:\Users\BulldogMateus\AppData\Roaming\GTek
2008-11-21 21:07:20 ----D---- C:\ProgramData\Norton
2008-11-21 21:06:51 ----D---- C:\ProgramData\NortonInstaller
2008-11-21 21:04:12 ----D---- C:\Program Files\gBurner
2008-11-21 19:49:21 ----A---- C:\Windows\system32\mshtmled.dll
2008-11-21 19:49:20 ----A---- C:\Windows\system32\pngfilt.dll
2008-11-21 19:49:20 ----A---- C:\Windows\system32\mshtmler.dll
2008-11-21 19:49:20 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-21 19:49:20 ----A---- C:\Windows\system32\ieui.dll
2008-11-21 19:49:20 ----A---- C:\Windows\system32\admparse.dll
2008-11-21 19:49:19 ----A---- C:\Windows\system32\msls31.dll
2008-11-21 19:49:19 ----A---- C:\Windows\system32\iernonce.dll
2008-11-21 19:49:19 ----A---- C:\Windows\system32\corpol.dll
2008-11-21 19:49:18 ----A---- C:\Windows\system32\PrivacIE.dll
2008-11-21 19:49:18 ----A---- C:\Windows\system32\ieapfltr.dll
2008-11-21 19:49:18 ----A---- C:\Windows\system32\advpack.dll
2008-11-21 19:49:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-11-21 19:49:17 ----A---- C:\Windows\system32\inseng.dll
2008-11-21 19:49:17 ----A---- C:\Windows\system32\imgutil.dll
2008-11-21 19:49:16 ----A---- C:\Windows\system32\msrating.dll
2008-11-21 19:49:16 ----A---- C:\Windows\system32\licmgr10.dll
2008-11-21 19:49:11 ----A---- C:\Windows\system32\iesetup.dll
2008-11-21 19:49:10 ----A---- C:\Windows\system32\msfeeds.dll
2008-11-21 19:49:09 ----A---- C:\Windows\system32\occache.dll
2008-11-21 19:49:09 ----A---- C:\Windows\system32\mstime.dll
2008-11-21 19:49:09 ----A---- C:\Windows\system32\dxtrans.dll
2008-11-21 19:49:09 ----A---- C:\Windows\system32\dxtmsft.dll
2008-11-21 19:49:08 ----A---- C:\Windows\system32\webcheck.dll
2008-11-21 19:49:08 ----A---- C:\Windows\system32\ieaksie.dll
2008-11-21 19:49:08 ----A---- C:\Windows\system32\ieakeng.dll
2008-11-21 19:49:07 ----A---- C:\Windows\system32\WinFXDocObj.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\wextract.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\PDMSetup.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\msfeedssync.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\ieUnatt.exe
2008-11-21 19:49:07 ----A---- C:\Windows\system32\ieakui.dll
2008-11-21 19:49:06 ----A---- C:\Windows\system32\url.dll
2008-11-21 19:49:06 ----A---- C:\Windows\system32\SetDepNx.exe
2008-11-21 19:49:05 ----A---- C:\Windows\system32\jscript.dll
2008-11-21 19:49:05 ----A---- C:\Windows\system32\iedkcs32.dll
2008-11-21 19:49:04 ----A---- C:\Windows\system32\iertutil.dll
2008-11-21 19:49:04 ----A---- C:\Windows\system32\ie4uinit.exe
2008-11-21 19:49:02 ----A---- C:\Windows\system32\mshta.exe
2008-11-21 19:49:01 ----A---- C:\Windows\system32\iexpress.exe
2008-11-21 19:49:01 ----A---- C:\Windows\system32\iepeers.dll
2008-11-21 19:49:01 ----A---- C:\Windows\system32\icardie.dll
2008-11-21 19:48:59 ----A---- C:\Windows\system32\wininet.dll
2008-11-21 19:48:59 ----A---- C:\Windows\system32\urlmon.dll
2008-11-21 19:48:56 ----A---- C:\Windows\system32\ieframe.dll
2008-11-21 13:47:56 ----A---- C:\Windows\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\Windows\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\Windows\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\Windows\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\Windows\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\Windows\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\Windows\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\Windows\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\Windows\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\Windows\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\Windows\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\Windows\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\Windows\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\Windows\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\Windows\system32\DivXWMPExtType.dll
2008-11-17 15:59:34 ----A---- C:\Windows\system32\wups2.dll
2008-11-17 15:59:34 ----A---- C:\Windows\system32\wucltux.dll
2008-11-17 15:59:34 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-17 15:59:34 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-17 15:59:03 ----A---- C:\Windows\system32\wups.dll
2008-11-17 15:59:03 ----A---- C:\Windows\system32\wudriver.dll
2008-11-17 15:59:03 ----A---- C:\Windows\system32\wuapi.dll
2008-11-17 15:58:53 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-17 15:58:53 ----A---- C:\Windows\system32\wuapp.exe
2008-11-16 23:04:26 ----A---- C:\Windows\ntbtlog.txt
2008-11-15 18:01:51 ----A---- C:\Windows\system32\TDSSmbcb.dll
2008-11-15 17:50:56 ----A---- C:\ggfxrw.exe
2008-11-15 17:50:55 ----A---- C:\xoud.exe
2008-11-15 17:50:50 ----A---- C:\cxcnowy.exe
2008-11-11 21:33:40 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 21:33:39 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 23:25:21 ----D---- C:\Users\BulldogMateus\AppData\Roaming\FrostWire
2008-11-10 23:24:54 ----D---- C:\Program Files\FrostWire
2008-11-05 23:37:52 ----D---- C:\Program Files\SP39373
2008-10-29 19:06:29 ----D---- C:\Program Files\SP38886
2008-10-28 21:47:52 ----A---- C:\mxlb.exe
2008-10-28 18:00:56 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 18:00:56 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 18:00:54 ----A---- C:\Windows\system32\win32spl.dll
2008-10-27 20:04:28 ----D---- C:\ProgramData\Avg7
2008-10-27 19:53:40 ----D---- C:\Program Files\IZArc
2008-10-26 22:01:07 ----A---- C:\Windows\system32\EncDec.dll
2008-10-26 22:01:04 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-26 20:06:45 ----A---- C:\Windows\system32\netapi32.dll
2008-10-26 19:42:13 ----D---- C:\Program Files\Vuze

======List of files/folders modified in the last 2 months======

2008-12-20 13:58:38 ----D---- C:\Windows\Prefetch
2008-12-20 13:58:26 ----RD---- C:\Program Files
2008-12-20 13:58:26 ----D---- C:\Windows\Temp
2008-12-20 12:54:27 ----D---- C:\Windows\SMINST
2008-12-19 15:56:04 ----SHD---- C:\System Volume Information
2008-12-19 15:19:34 ----D---- C:\Windows\rescache
2008-12-19 12:33:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 12:31:51 ----D---- C:\Windows
2008-12-18 12:05:48 ----D---- C:\Windows\system32\catroot
2008-12-18 12:05:48 ----D---- C:\Windows\inf
2008-12-18 12:03:35 ----D---- C:\Windows\system32\drivers
2008-12-17 16:34:45 ----D---- C:\Windows\System32
2008-12-17 16:31:12 ----D---- C:\Windows\winsxs
2008-12-17 16:31:10 ----D---- C:\Windows\system32\catroot2
2008-12-16 23:04:27 ----D---- C:\Windows\twain_32
2008-12-16 23:04:26 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 15:17:46 ----D---- C:\Windows\system32\config
2008-12-13 17:38:14 ----SD---- C:\ProgramData\Microsoft
2008-12-13 16:30:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-13 16:08:44 ----SHD---- C:\Windows\Installer
2008-12-13 16:08:44 ----D---- C:\ProgramData\Symantec
2008-12-13 16:05:28 ----HD---- C:\ProgramData
2008-12-12 18:16:45 ----D---- C:\Windows\Downloaded Installations
2008-12-12 18:16:45 ----D---- C:\Program Files\Veoh Networks
2008-12-12 17:00:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-11 16:20:23 ----D---- C:\Program Files\Windows Mail
2008-12-11 16:20:21 ----D---- C:\Windows\AppPatch
2008-12-11 16:20:20 ----D---- C:\Windows\system32\en-US
2008-12-11 16:15:54 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 19:21:29 ----D---- C:\Program Files\Java
2008-12-09 15:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-08 00:39:04 ----D---- C:\Program Files\DivX
2008-12-08 00:38:35 ----D---- C:\Program Files\Common Files
2008-12-04 00:41:37 ----D---- C:\Windows\Minidump
2008-12-03 01:01:49 ----D---- C:\Program Files\Flock
2008-12-03 01:01:46 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Flock
2008-11-30 01:11:26 ----D---- C:\Windows\system32\Tasks
2008-11-25 21:52:25 ----RD---- C:\Users
2008-11-25 21:27:11 ----D---- C:\Program Files\Internet Explorer
2008-11-23 00:40:32 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Mozilla
2008-11-22 20:35:42 ----D---- C:\Program Files\Google
2008-11-22 18:41:33 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Yahoo!
2008-11-22 18:41:33 ----D---- C:\ProgramData\Yahoo!
2008-11-22 18:37:53 ----D---- C:\Program Files\Yahoo!
2008-11-22 18:35:22 ----D---- C:\ProgramData\Google
2008-11-21 21:19:54 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Azureus
2008-11-21 20:15:27 ----D---- C:\Windows\Tasks
2008-11-21 19:51:40 ----D---- C:\Windows\system32\migration
2008-11-21 19:51:40 ----D---- C:\Windows\PolicyDefinitions
2008-11-21 19:51:39 ----D---- C:\Windows\system32\WDI
2008-11-21 19:48:14 ----D---- C:\Windows\SoftwareDistribution
2008-11-21 13:47:50 ----N---- C:\Windows\system32\PxMas.dll
2008-11-21 13:47:48 ----N---- C:\Windows\system32\PxWave.dll
2008-11-21 13:47:48 ----N---- C:\Windows\system32\PxSFS.DLL
2008-11-21 13:47:48 ----N---- C:\Windows\system32\pxhpinst.exe
2008-11-21 13:47:48 ----N---- C:\Windows\system32\pxdrv.dll
2008-11-21 13:47:48 ----N---- C:\Windows\system32\PxAFS.DLL
2008-11-21 13:47:48 ----N---- C:\Windows\system32\Px.dll
2008-11-21 13:47:46 ----N---- C:\Windows\system32\VXBLOCK.dll
2008-11-15 22:03:24 ----D---- C:\Windows\system32\wbem
2008-11-15 22:02:40 ----D---- C:\Windows\system32\spool
2008-11-15 22:02:40 ----D---- C:\Windows\system32\CodeIntegrity
2008-11-15 22:02:40 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-15 22:02:39 ----D---- C:\Windows\registration
2008-11-10 23:25:05 ----D---- C:\Program Files\LimeWire
2008-11-10 13:47:19 ----RSD---- C:\Windows\assembly
2008-11-10 13:47:18 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-11-10 13:37:25 ----AD---- C:\ProgramData\TEMP
2008-11-10 13:16:31 ----D---- C:\Users\BulldogMateus\AppData\Roaming\OpenOffice.org2
2008-11-09 19:43:36 ----D---- C:\Windows\ShellNew
2008-11-05 23:40:56 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Hewlett-Packard
2008-11-05 23:39:33 ----HD---- C:\System.sav
2008-11-05 23:39:22 ----D---- C:\Program Files\Hewlett-Packard
2008-11-05 23:38:48 ----D---- C:\SwSetup
2008-10-30 17:59:44 ----D---- C:\Windows\system32\LogFiles
2008-10-29 19:13:37 ----SD---- C:\Users\BulldogMateus\AppData\Roaming\Microsoft
2008-10-27 20:04:17 ----D---- C:\Windows\system
2008-10-27 18:03:31 ----D---- C:\Windows\Microsoft.NET
2008-10-27 17:56:08 ----D---- C:\Windows\ehome
2008-10-21 17:57:36 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-13 362544]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-12-13 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSvix86.sys [2008-12-13 289840]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1002000.007\SRTSP.SYS [2008-12-11 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-12-11 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-10-27 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-04-18 141312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-13 99376]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 Iviaspi;IVI ASPI Shell; C:\Windows\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081220.003\NAVENG.SYS [2008-12-13 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081220.003\NAVEX15.SYS [2008-12-13 876112]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-12-13 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NIS\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-11 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-08-15 278528]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-01 163328]
S3 Flash1;Flash1; \??\C:\Program Files\SP35667\winphlash\Flash1.sys [2006-03-01 3456]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-30 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-01 1781760]
S3 SQTECH9090;TOP Cam; C:\Windows\System32\Drivers\Capt9090.sys [2008-01-14 48384]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S2 .norton2009Reset;Norton2009 Reset; C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-11-09 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------

#4 msp4345 (Topic Starter, Member, 12 posts)
info.txt logfile of random's system information tool 1.05 2008-12-20 14:03:58

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Advanced Registry Optimizer-->"C:\Program Files\Advanced Registry Optimizer\unins000.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IwisVenza.INF
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Downloader-->C:\Program Files\InstallShield Installation Information\{B571E4C7-EF38-4672-A862-D825519DED97}\setup.exe -runfromtemp -l0x0009 -removeonly
ESU for Microsoft Vista-->MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
ffdshow [rev 2033] [2008-07-05]-->"C:\Program Files\ffdshow\unins000.exe"
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
gBurner-->"C:\Program Files\gBurner\uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0060-->MsiExec.exe /I{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
My Web Search (Webfetti)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsbar.dll,O
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.2.0.7\InstStub.exe /X
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SkyGazer 4-->MsiExec.exe /X{B7B28A98-604D-4D1F-888F-CAC53E5E19BE}
Snap 'n Share -->C:\PROGRA~1\SNAP'N~1\Setup.exe /remove /q0
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
Warhammer Online - Age of Reckoning -->C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Windows Defender

System event log

Computer Name: Mateus-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 193708
Source Name: Service Control Manager
Time Written: 20081220205735.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 193709
Source Name: Service Control Manager
Time Written: 20081220210735.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 193710
Source Name: Service Control Manager
Time Written: 20081220211316.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 193711
Source Name: Service Control Manager
Time Written: 20081220212954.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 193712
Source Name: Service Control Manager
Time Written: 20081220214624.000000-000
Event Type: Information
User:

Application event log

Computer Name: Mateus-PC
Event Code: 0
Message: Service started successfully.
Record Number: 44448
Source Name: HP Health Check Service
Time Written: 20081220205625.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 44449
Source Name: SecurityCenter
Time Written: 20081220205626.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 1005
Message: Customer Experience Improvement Program data was successfully consolidated into files that will be sent to Microsoft for analysis. These files will be sent only if the user has opted to join the Windows Customer Experience Improvement Program.
Record Number: 44450
Source Name: Microsoft-Windows-CEIP
Time Written: 20081220210533.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 1007
Message: Customer Experience Improvement Program data was successfully sent to Microsoft.
Record Number: 44451
Source Name: Microsoft-Windows-CEIP
Time Written: 20081220213008.000000-000
Event Type: Information
User:

Computer Name: Mateus-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 44452
Source Name: LightScribeService
Time Written: 20081220220357.000000-000
Event Type: Information
User:

Security event log

Computer Name: Mateus-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 71610
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220220353.215388-000
Event Type: Audit Failure
User:

Computer Name: Mateus-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 71611
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220220353.265388-000
Event Type: Audit Failure
User:

Computer Name: Mateus-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 71612
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220220353.306388-000
Event Type: Audit Failure
User:

Computer Name: Mateus-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 71613
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220220353.349388-000
Event Type: Audit Failure
User:

Computer Name: Mateus-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 71614
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220220353.390388-000
Event Type: Audit Failure
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Pavilion
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"USERPART"=E:
"windir"=%SystemRoot%

-----------------EOF-----------------

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please right-click on HijackThis and choose "Run as Administrator", then click on "Do a system scan only".
Then place a check mark next to these entries below:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: C:\Windows\system32\siejf93.dll - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\BULLDO~1\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\BulldogMateus\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\BULLDO~1\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\BULLDO~1\AppData\Local\Temp\cbxvSLff.dll,#1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm098MRUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now click on Fix Checked and then close HijackThis.
===================================
Please then go to the Vista logo button and click it, then go to the Control Panel.
Under Programs choose Uninstall a program.
Then remove these items below:

MyWebSearch
Viewpoint

After that close the Add\Remove Programs list.
==========================
Then do the following: Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0
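As an added example that is not part of this thread or of HijackThis, the following Python script applies the reasoning behind the entries kahdah marked for fixing: it parses O4/O7/O22 lines and flags autostarts run from a Temp folder, rundll32 loading a DLL from Temp, executables whose names mimic Windows system binaries, the DisableRegedit policy, and SharedTaskScheduler entries whose DLL is missing. The regexes, the lookalike list and the sample log are assumptions fitted to the lines quoted above.

```python
"""Triage HijackThis-style O4/O7/O22 lines for the traits seen in this thread.

Added example, not part of the original thread or of HijackThis. It applies
the reasoning behind kahdah's "fix checked" list: autostarts launched from a
Temp folder, rundll32 loading a DLL from Temp, process names that mimic
Windows system binaries, registry editing disabled by policy, and
SharedTaskScheduler entries whose DLL is missing.
"""
import re

# Line patterns are assumptions fitted to the lines quoted in the thread;
# HijackThis has no formal grammar beyond the "Oxx - ..." prefix.
_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O7 = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\S+)$")
_O22 = re.compile(r"^O22 - SharedTaskScheduler: (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

_TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
_RUNDLL = re.compile(r"^(?:\S*\\)?rundll32(?:\.exe)?\s+", re.IGNORECASE)
_EXE_NAME = re.compile(r"([A-Za-z0-9_.-]+\.exe)", re.IGNORECASE)

# Process names that malware commonly imitates by adding or swapping a letter
# (winlogun.exe and csrssc.exe in this thread). Assumed list, not exhaustive.
SYSTEM_BINARIES = ("csrss.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                   "services.exe", "explorer.exe", "smss.exe")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-letter lookalikes of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe_name):
    """Return the system binary this name mimics (distance exactly 1), else None."""
    name = exe_name.lower()
    for sysbin in SYSTEM_BINARIES:
        if name != sysbin and edit_distance(name, sysbin) == 1:
            return sysbin
    return None


def triage_line(line):
    """Return the list of reasons one log line is suspicious (empty if none)."""
    line = line.strip()
    reasons = []
    m = _O4.match(line)
    if m:
        cmd = m.group("cmd")
        if _TEMP_DIR.search(cmd):
            reasons.append("autostart launched from a Temp folder")
        if _RUNDLL.match(cmd) and _TEMP_DIR.search(cmd):
            reasons.append("rundll32 loading a DLL from Temp")
        exe = _EXE_NAME.search(cmd)
        if exe:
            mimic = lookalike_of(exe.group(1))
            if mimic:
                reasons.append(f"{exe.group(1)} mimics system binary {mimic}")
        return reasons
    m = _O7.match(line)
    if m and m.group("value").lower() == "disableregedit" and m.group("data") == "1":
        reasons.append("registry editing disabled by policy")
        return reasons
    m = _O22.match(line)
    if m and m.group("path").lower().endswith("(file missing)"):
        reasons.append("SharedTaskScheduler DLL missing (orphaned loader)")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, preserving log order."""
    flagged = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged[raw.strip()] = reasons
    return flagged


# Constructed sample: the lines quoted in this thread plus one benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\BulldogMateus\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\BULLDO~1\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\BULLDO~1\AppData\Local\Temp\cbxvSLff.dll,#1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll (file missing)
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("    ->", r)
```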

#6
msp4345

msp4345

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 6.0.6001 Service Pack 1

12/20/2008 5:58:53 PM
mbam-log-2008-12-20 (17-58-53).txt

Scan type: Quick Scan
Objects scanned: 50742
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 33
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 10

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5af42a3-94f3-42bd-f434-3604832c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af42a3-94f3-42bd-f434-3604832c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5af42a3-94f3-42bd-f434-3604832c897d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\cxcnowy.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\ggfxrw.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\mxlb.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\xoud.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Temp\TDSSa247.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSSmbcb.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
msp4345

msp4345

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 08-12-21.04 - BulldogMateus 2008-12-21 19:24:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1100 [GMT -8:00]
Running from: c:\users\BulldogMateus\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\TDSSwqsc.dat
c:\windows\system32\x64

----- BITS: Possible infected sites -----

hxxp://91.121.25.60
.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-20 17:50 . 2008-12-20 17:50 <DIR> d-------- c:\users\BulldogMateus\AppData\Roaming\Malwarebytes
2008-12-20 17:50 . 2008-12-20 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-20 17:50 . 2008-12-20 17:50 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-20 17:50 . 2008-12-20 17:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-20 17:50 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-20 17:50 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-20 13:58 . 2008-12-20 14:03 <DIR> d-------- C:\rsit
2008-12-20 13:58 . 2008-12-20 17:13 <DIR> d-------- c:\program files\trend micro
2008-12-17 15:41 . 2008-12-12 22:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb
2008-12-16 23:04 . 2008-12-16 23:04 <DIR> d-------- c:\program files\SQ916D
2008-12-16 23:04 . 2008-01-14 15:14 48,384 --a------ c:\windows\System32\drivers\Capt9090.sys
2008-12-16 23:04 . 2008-01-14 15:14 24,704 --a------ c:\windows\System32\drivers\Camd9090.sys
2008-12-16 22:56 . 2006-04-11 00:49 118,784 --------- c:\windows\System32\PTTreeIcons.dll
2008-12-16 22:55 . 2008-12-16 23:03 <DIR> d-------- c:\program files\Snap 'n Share
2008-12-13 18:17 . 2008-12-13 18:17 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-13 18:17 . 2008-12-13 18:17 1,409 --a------ c:\windows\QTFont.for
2008-12-13 17:53 . 2007-12-20 08:10 995,383 --a------ c:\windows\System32\temp.000
2008-12-13 17:52 . 2008-12-13 18:40 <DIR> d-------- c:\program files\The Weather Channel FW
2008-12-13 17:51 . 2008-12-13 17:51 <DIR> d-------- c:\users\BulldogMateus\AppData\Roaming\Sammsoft
2008-12-13 17:51 . 2008-12-19 15:50 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2008-12-13 16:19 . 2008-12-13 16:19 <DIR> d-------- c:\program files\Symantec
2008-12-13 16:19 . 2008-12-13 16:19 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-13 16:19 . 2008-12-11 19:28 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-12-13 16:19 . 2008-12-13 16:19 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-13 16:19 . 2008-12-13 16:19 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-12-13 16:18 . 2008-12-19 12:29 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-12-13 16:18 . 2008-12-13 16:18 <DIR> d-------- c:\program files\Norton Internet Security
2008-12-13 16:17 . 2008-12-13 16:17 <DIR> d-------- c:\program files\NortonInstaller
2008-12-11 16:05 . 2008-10-21 17:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 17:52 . 2008-10-31 17:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 17:52 . 2008-10-20 21:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 17:52 . 2008-10-31 19:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 17:51 . 2008-10-28 22:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-10 17:50 . 2008-06-22 17:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-10 17:50 . 2008-06-22 17:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 17:50 . 2008-06-22 17:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 19:22 . 2008-12-09 19:21 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-08 16:08 . 2008-12-10 18:01 <DIR> d-------- c:\program files\ffdshow
2008-12-08 16:08 . 2008-08-10 11:55 60,273 --a------ c:\windows\System32\pthreadGC2.dll
2008-12-08 16:08 . 2008-06-12 20:36 7,680 --a------ c:\windows\System32\ff_vfw.dll
2008-12-08 16:08 . 2007-07-10 18:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2008-12-08 16:04 . 2008-12-08 16:04 <DIR> d-------- c:\users\BulldogMateus\AppData\Roaming\DivX
2008-12-08 00:38 . 2008-12-08 00:38 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2008-11-25 21:35 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 21:35 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 21:35 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 21:35 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 21:35 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 18:23 . 2008-11-23 18:23 <DIR> d-------- c:\users\BulldogMateus\AppData\Roaming\GTek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 05:13 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\FrostWire
2008-12-21 01:48 --------- d-----w c:\programdata\Viewpoint
2008-12-17 07:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 00:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-14 00:18 --------- d-----w c:\programdata\Norton
2008-12-14 00:08 --------- d-----w c:\programdata\Symantec
2008-12-13 02:16 --------- d-----w c:\program files\Veoh Networks
2008-12-12 00:20 --------- d-----w c:\program files\Windows Mail
2008-12-12 00:15 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 03:21 --------- d-----w c:\program files\Java
2008-12-08 08:39 --------- d-----w c:\program files\DivX
2008-12-03 09:07 --------- d-----w c:\programdata\NortonInstaller
2008-12-03 09:01 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\Flock
2008-12-03 09:01 --------- d-----w c:\program files\Flock
2008-11-25 00:39 --------- d-----w c:\program files\FrostWire
2008-11-23 04:35 --------- d-----w c:\program files\Google
2008-11-23 02:41 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\Yahoo!
2008-11-23 02:41 --------- d-----w c:\programdata\Yahoo!
2008-11-23 02:37 --------- d-----w c:\program files\Yahoo!
2008-11-22 05:19 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\Azureus
2008-11-22 05:04 --------- d-----w c:\program files\gBurner
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\System32\PxAFS.DLL
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-11-19 10:34 3,900 ----a-w c:\users\BulldogMateus\AppData\Roaming\wklnhst.dat
2008-11-16 06:02 --------- d-----w c:\program files\SP39373
2008-11-11 07:25 --------- d-----w c:\program files\LimeWire
2008-11-10 21:47 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-10 21:37 --------- d---a-w c:\programdata\TEMP
2008-11-10 21:16 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\OpenOffice.org2
2008-11-06 07:40 --------- d-----w c:\users\BulldogMateus\AppData\Roaming\Hewlett-Packard
2008-11-06 07:39 --------- d-----w c:\program files\Hewlett-Packard
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 03:06 --------- d-----w c:\program files\SP38886
2008-10-28 04:04 --------- d-----w c:\programdata\Avg7
2008-10-28 03:53 --------- d-----w c:\program files\IZArc
2008-10-27 03:42 --------- d-----w c:\program files\Vuze
2008-10-22 01:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 22:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 21:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2008-06-21 03:57 174 --sha-w c:\program files\desktop.ini
2008-02-10 01:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-10 01:42 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-10 01:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-29 07:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-29 07:06 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-29 07:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-09-15 20480]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SetPoint"="c:\program files\Logitech\SetPoint\KEM.EXE" [2004-07-15 581632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\users\BulldogMateus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2008-07-17 303104]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-09-15 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2008-09-15 581632]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= QQ.exe
"2"= QQexternal.exe
"3"= QQGame.exe
"4"= QQPetDazzle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5A89237-78BF-45D5-A273-FD7F3205321C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1AC2D228-FF1F-4EDD-9505-D7208AF6A4BE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E21C88F9-6615-44A8-93E8-7C27E8B58D24}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{33662EF4-3C46-4E11-82AF-E05B94A29E3D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{ED22F0EC-51E7-4CBA-BDC0-50C76C0B89EF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E9BA65AF-03FA-460E-A2DD-0FDEF80AEFCF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A3261031-8B65-4E92-811E-CD07FD4F196E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B47C555E-926E-403F-A048-1233AD18351D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{4F02F044-051F-4A5C-BA7E-EE9A1B04A57C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{B5161578-CE92-4765-9C04-7AF0FAAA3E08}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{34DC0C47-8575-4069-839B-C694153F847E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{ACFAA613-51D2-40C5-B135-A832C69785B8}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A545AFC1-AF09-45AF-B3D2-7C6B0BF0E5EC}c:\\program files\\codemasters\\rf online\\rf.exe"= UDP:c:\program files\codemasters\rf online\rf.exe:RFLauncher
"UDP Query User{F91DD211-6BF4-4456-AD44-C301BAF7229A}c:\\program files\\codemasters\\rf online\\rf.exe"= TCP:c:\program files\codemasters\rf online\rf.exe:RFLauncher
"TCP Query User{10F32395-FB67-4AC0-8C9C-423DD904E1AB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{8DECC38F-7B70-4A66-A0DB-C4CADB287B3E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{25DF89EE-DB09-4607-BA4C-B50C17072603}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84201B5A-ADEA-4B4C-B0F8-6291E62D177C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8AF6640B-F161-4EC8-A151-702B12C221A1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{935CEFF1-3F0A-49FB-80F9-67C5F9C2B128}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{04B46970-761D-4370-850C-CE9A052D0384}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3E5D67E9-0453-4D60-9069-C36CC6AB6F82}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{D39B7BB5-29D5-45A3-B586-E59B1A0C7530}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{BC6DB679-7A74-4F93-A70C-C6DCFDD6EC81}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{CE241793-C9DF-4CA3-B495-014DD07D735D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B6A39E57-A795-47F2-9E6A-76227A1B2FD1}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{1A1A00FB-3AC1-4C75-9805-A37FAAF50A22}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"UDP Query User{BCBC5F67-F33A-4BDB-B83D-743B5B7C80BC}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"TCP Query User{4855371C-0CA3-4DA4-AC28-F4224FAE6D6C}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"UDP Query User{E6A53C8F-8926-477F-BD24-15A95AAAAFBF}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"{61FAA13F-7514-468F-8C9E-E597C171D7F6}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{B7C1238A-9235-48FE-97A5-2603761DF55E}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{F5C9F4EB-ED15-4A44-A719-1D07E9FB89DB}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{4CCD8BEE-8BE1-4F0C-BADC-2C0E460CCF62}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-17 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-17 362544]
R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSvix86.sys [2008-12-20 289840]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-13 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-17 40496]
S2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
S3 Flash1;Flash1;\??\c:\program files\SP35667\winphlash\Flash1.sys [2006-03-01 3456]
S3 SQTECH9090;TOP Cam;c:\windows\system32\Drivers\Capt9090.sys [2008-12-16 48384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\HPCeeScheduleForBulldogMateus.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-03-23 13:23]

2008-12-21 c:\windows\Tasks\User_Feed_Synchronization-{83C9B349-5D4B-4A48-9BC4-5AC871460459}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]

2008-12-22 c:\windows\Tasks\User_Feed_Synchronization-{A1385D7D-0555-426E-85E9-18735BB03D56}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:29:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-21 19:37:10
ComboFix-quarantined-files.txt 2008-12-22 03:37:08

Pre-Run: 161,125,621,760 bytes free
Post-Run: 164,036,313,088 bytes free

269 --- E O F --- 2008-12-18 00:31:19
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks much better. Please post a new RSIT log and let me know how things are running.
  • 0

#10 msp4345 (Member, Topic Starter, 12 posts)
Logfile of random's system information tool 1.05 (written by random/random)
Run by BulldogMateus at 2008-12-22 14:02:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 156 GB (68%) free of 230 GB
Total RAM: 2038 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:51 PM, on 12/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BulldogMateus\Desktop\RSIT.exe
C:\Program Files\trend micro\BulldogMateus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/p/1.html?_pdb=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.co...otouploader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8643 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForBulldogMateus.job
C:\Windows\tasks\User_Feed_Synchronization-{83C9B349-5D4B-4A48-9BC4-5AC871460459}.job
C:\Windows\tasks\User_Feed_Synchronization-{A1385D7D-0555-426E-85E9-18735BB03D56}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-11 344944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2008-12-13 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-11 344944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-11 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SetPoint"=C:\Program Files\Logitech\SetPoint\KEM.EXE [2004-07-15 581632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-09-15 20480]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\BulldogMateus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceStartMenuLogOff"=1
"Intellimenus"=1
"NoAddPrinter"=0
"NoChangeAnimation"=0
"NoDeletePrinter"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=4
"NoInstrumentation"=0
"NoThumbnailCache"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-21 19:37:11 ----A---- C:\ComboFix.txt
2008-12-21 19:23:19 ----A---- C:\Windows\zip.exe
2008-12-21 19:23:19 ----A---- C:\Windows\VFIND.exe
2008-12-21 19:23:19 ----A---- C:\Windows\SWXCACLS.exe
2008-12-21 19:23:19 ----A---- C:\Windows\SWSC.exe
2008-12-21 19:23:19 ----A---- C:\Windows\SWREG.exe
2008-12-21 19:23:19 ----A---- C:\Windows\sed.exe
2008-12-21 19:23:19 ----A---- C:\Windows\NIRCMD.exe
2008-12-21 19:23:19 ----A---- C:\Windows\grep.exe
2008-12-21 19:23:19 ----A---- C:\Windows\fdsv.exe
2008-12-21 19:23:15 ----D---- C:\Windows\ERDNT
2008-12-21 19:23:15 ----D---- C:\Qoobox
2008-12-20 17:50:50 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Malwarebytes
2008-12-20 17:50:44 ----D---- C:\ProgramData\Malwarebytes
2008-12-20 17:50:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 13:58:26 ----D---- C:\Program Files\trend micro
2008-12-20 13:58:24 ----D---- C:\rsit
2008-12-17 15:41:08 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 23:04:26 ----D---- C:\Program Files\SQ916D
2008-12-16 22:56:12 ----A---- C:\aa.txt
2008-12-16 22:56:04 ----N---- C:\Windows\system32\PTTreeIcons.dll
2008-12-16 22:55:48 ----D---- C:\Program Files\Snap 'n Share
2008-12-13 17:52:47 ----D---- C:\Program Files\The Weather Channel FW
2008-12-13 17:51:46 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Sammsoft
2008-12-13 17:51:38 ----D---- C:\Program Files\Advanced Registry Optimizer
2008-12-13 16:19:18 ----D---- C:\Program Files\Symantec
2008-12-13 16:18:15 ----D---- C:\Program Files\Norton Internet Security
2008-12-13 16:17:32 ----D---- C:\Program Files\NortonInstaller
2008-12-11 16:05:09 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 17:52:19 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 17:52:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 17:52:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 17:51:23 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 17:51:12 ----A---- C:\Windows\explorer.exe
2008-12-10 17:50:51 ----A---- C:\Windows\system32\mf.dll
2008-12-10 17:50:50 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 17:50:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 17:50:49 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 19:22:13 ----A---- C:\Windows\system32\javaws.exe
2008-12-09 19:22:13 ----A---- C:\Windows\system32\deploytk.dll
2008-12-09 19:22:12 ----A---- C:\Windows\system32\javaw.exe
2008-12-09 19:22:12 ----A---- C:\Windows\system32\java.exe
2008-12-08 16:08:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-12-08 16:08:41 ----A---- C:\Windows\system32\ff_vfw.dll
2008-12-08 16:08:39 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-12-08 16:08:37 ----D---- C:\Program Files\ffdshow
2008-12-08 16:04:52 ----D---- C:\Users\BulldogMateus\AppData\Roaming\DivX
2008-12-08 00:38:35 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-25 21:35:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 21:35:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 21:35:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 21:35:24 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 21:35:21 ----A---- C:\Windows\system32\connect.dll
2008-11-23 18:23:39 ----D---- C:\Users\BulldogMateus\AppData\Roaming\GTek

======List of files/folders modified in the last 1 months======

2008-12-22 14:02:18 ----D---- C:\Windows\Temp
2008-12-22 14:00:23 ----D---- C:\Windows\SMINST
2008-12-22 13:54:30 ----D---- C:\Windows\rescache
2008-12-21 19:37:16 ----D---- C:\Windows\system32\en-US
2008-12-21 19:37:16 ----D---- C:\Windows\System32
2008-12-21 19:37:13 ----D---- C:\Windows
2008-12-21 19:29:36 ----A---- C:\Windows\system.ini
2008-12-21 19:27:38 ----D---- C:\Windows\system32\drivers
2008-12-21 19:27:38 ----D---- C:\Windows\AppPatch
2008-12-21 19:27:38 ----D---- C:\Program Files\Common Files
2008-12-21 19:24:21 ----SHD---- C:\System Volume Information
2008-12-21 19:23:17 ----D---- C:\Windows\Prefetch
2008-12-20 21:14:49 ----RD---- C:\Program Files
2008-12-20 21:13:42 ----D---- C:\Users\BulldogMateus\AppData\Roaming\FrostWire
2008-12-20 17:50:44 ----HD---- C:\ProgramData
2008-12-20 17:49:31 ----D---- C:\Program Files\Internet Explorer
2008-12-20 17:48:44 ----D---- C:\ProgramData\Viewpoint
2008-12-20 16:18:46 ----SHD---- C:\Windows\Installer
2008-12-20 14:44:39 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 12:05:48 ----D---- C:\Windows\system32\catroot
2008-12-18 12:05:48 ----D---- C:\Windows\inf
2008-12-17 16:31:12 ----D---- C:\Windows\winsxs
2008-12-17 16:31:10 ----D---- C:\Windows\system32\catroot2
2008-12-16 23:04:27 ----D---- C:\Windows\twain_32
2008-12-16 23:04:26 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 15:17:46 ----D---- C:\Windows\system32\config
2008-12-13 17:38:14 ----SD---- C:\ProgramData\Microsoft
2008-12-13 16:30:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-13 16:18:15 ----D---- C:\ProgramData\Norton
2008-12-13 16:08:44 ----D---- C:\ProgramData\Symantec
2008-12-12 20:12:22 ----A---- C:\Windows\ntbtlog.txt
2008-12-12 18:16:45 ----D---- C:\Windows\Downloaded Installations
2008-12-12 18:16:45 ----D---- C:\Program Files\Veoh Networks
2008-12-12 17:00:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-11 16:20:23 ----D---- C:\Program Files\Windows Mail
2008-12-11 16:15:54 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 19:21:29 ----D---- C:\Program Files\Java
2008-12-09 15:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-08 00:39:04 ----D---- C:\Program Files\DivX
2008-12-04 00:41:37 ----D---- C:\Windows\Minidump
2008-12-03 01:07:05 ----D---- C:\ProgramData\NortonInstaller
2008-12-03 01:01:49 ----D---- C:\Program Files\Flock
2008-12-03 01:01:46 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Flock
2008-11-30 01:11:26 ----D---- C:\Windows\system32\Tasks
2008-11-25 21:52:25 ----RD---- C:\Users
2008-11-24 16:39:03 ----D---- C:\Program Files\FrostWire
2008-11-23 00:40:32 ----D---- C:\Users\BulldogMateus\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-13 362544]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-12-13 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSvix86.sys [2008-12-13 289840]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1002000.007\SRTSP.SYS [2008-12-11 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-12-11 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-10-27 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-04-18 141312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-13 99376]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 Iviaspi;IVI ASPI Shell; C:\Windows\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081222.005\NAVENG.SYS [2008-12-13 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081222.005\NAVEX15.SYS [2008-12-13 876112]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-12-13 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NIS\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-11 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-08-15 278528]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-01 163328]
S3 Flash1;Flash1; \??\C:\Program Files\SP35667\winphlash\Flash1.sys [2006-03-01 3456]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-30 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-01 1781760]
S3 SQTECH9090;TOP Cam; C:\Windows\System32\Drivers\Capt9090.sys [2008-01-14 48384]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S2 .norton2009Reset;Norton2009 Reset; C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-11-09 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------
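The HijackThis section of the log above is the kind of listing a helper reads by eye for a handful of patterns: a BHO whose DLL is gone (the `(no name) ... (no file)` entry), a service with `Unknown owner`, and autostarts pointing at odd locations. As an added example (not the thread's own material, and not one of the tools the helper used), here is a small triage script that applies those checks to such lines. The heuristics, the `Finding` type and the one constructed sample line (marked in the code) are my own; the other sample lines are copied from the log above.

```python
"""Triage HijackThis-style log lines for the patterns a helper looks for first.

Added example for this thread, not a tool the helpers used. The sample lines
are copied from the HijackThis section of the log above, plus one constructed
line (marked) so the location checks have something to catch.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Executables that belong under the Windows directory; one showing up anywhere
# else under its own name is a classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
# Directory fragments (lower-cased) where a legitimate autostart rarely lives.
TEMP_HINTS = ("\\temp\\", "\\tmp\\")

_SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr|bat|cmd))"?', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(text: str) -> Optional[str]:
    """Return the first drive-letter path ending in an executable extension, or None."""
    m = _PATH_RE.search(text)
    return m.group(1) if m else None


def triage_line(line: str) -> List[Finding]:
    """Apply the checks relevant to one HijackThis 'Oxx -' line."""
    findings: List[Finding] = []
    m = _SECTION_RE.match(line)
    if not m:
        return findings  # R0/R1/F lines and non-log text are not handled here
    section, rest = m.groups()
    lower = rest.lower()

    # O2: a BHO CLSID still registered although its DLL is gone. Harmless by
    # itself, but it is residue an infection leaves behind and should be removed.
    if section == "O2" and "(no file)" in lower:
        findings.append(Finding(section, "BHO registered but DLL missing (orphaned entry)", line))

    # O23: HijackThis prints 'Unknown owner' when the binary carries no company
    # name in its version resource. Legitimate software does this too (the
    # Norton reset tool and the CyberLink services in the log above), so this
    # is a prompt to verify the file, not a verdict.
    if section == "O23" and "unknown owner" in lower:
        findings.append(Finding(section, "service binary has no publisher info; verify it", line))

    # O4/O23: check where the binary actually lives.
    if section in ("O4", "O23"):
        path = extract_path(rest)
        if path:
            p = path.lower()
            name = p.rsplit("\\", 1)[-1]
            if any(hint in p for hint in TEMP_HINTS):
                findings.append(Finding(section, f"autostart binary in a temp directory: {path}", line))
            if name in SYSTEM_NAMES and "\\windows\\" not in p:
                findings.append(Finding(section, f"{name} outside the Windows directory (masquerade)", line))
    return findings


def triage(lines) -> List[Finding]:
    """Run triage_line over an iterable of log lines and collect all findings."""
    out: List[Finding] = []
    for line in lines:
        out.extend(triage_line(line.rstrip("\n")))
    return out


# Lines copied from the HijackThis section of the log above ...
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe",
    r"O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe",
    # ... and one CONSTRUCTED line (not from the log): a system-named binary in a temp folder.
    r"O4 - HKCU\..\Run: [updater] C:\Users\Example\AppData\Local\Temp\svchost.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample lines it reports the orphaned BHO, the `Unknown owner` service and, for the constructed line, both the temp-directory location and the `svchost.exe` masquerade; the legitimate Apoint, Sidebar and hpqwmiex entries pass. Treat the output as a reading order, not a verdict: the Norton reset service is flagged only because its binary has no publisher string, which is exactly why a helper checks the file rather than deleting on sight.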

#11 msp4345 (Member, Topic Starter, 12 posts)
I use Firefox for my browser now because my Internet Explorer was infected before. I deleted my Explorer, but after I did the ComboFix it came back. Do you think it's OK to use now, or should I just keep using Firefox and delete Explorer again?
Oh, and everything is running well now. Thanks!
How do I keep my computer from freezing?

#12 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Internet Explorer is a part of Microsoft; you cannot remove it.
You deleted the icon, and ComboFix put the default IE icon back on your desktop.
Internet Explorer will be fine to use because you are no longer infected.


How do I keep my computer from freezing??

When does it freeze?
Is it random or when you are using the computer?

#13 msp4345 (Member, Topic Starter, 12 posts)
OK. It freezes at random times. Before we fixed the virus problem it would freeze every single time I tried using the computer for more than 30 minutes. Now it only freezes when I first turn on my computer and go onto my browser. After I force a shutdown and restart it, it doesn't freeze anymore.

#14 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Could be a hardware or software issue.
You can post about it in this forum: http://www.geekstogo...dows-7-f79.html
They will assist you with that problem.
=======================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
===============
Delete/uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista, then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a spyware "shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.