Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another Vundo infection [Solved]

Started by tdouty , Jan 04 2009 06:57 PM

  • This topic is locked This topic is locked

#1
tdouty
Posted 04 January 2009 - 06:57 PM

tdouty

    Member

  • Member
  • PipPip
  • 19 posts
I have the Vundo virus according to Windows Defender. Not sure why it didn't catch it unless it wasn't running. I'm currently on a different computer. The computer with the infection keeps rebooting because it tries to go to some website and then reboots. First off, I need to get the thing stable so it doesn't keep rebooting. Then I'll put HijackThis on it. Thanks for any help....where to from here?
  • 0

Advertisements

#2
kahdah
Posted 04 January 2009 - 07:41 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello tdouty

Welcome to G2Go. :)
=====================
SO it won't try to connect to the site do the following then try to run the following tool:

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
==================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#3
tdouty
Posted 04 January 2009 - 09:19 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
One thing I want to mention that I had forgotten is that yesterday the computer was also infected with Rapid Antivirus. I used SpyBot Search and Destroy to remove that. I thought that was the only problem until this morning I saw that Rapid Antivirus was gone but more problems awaited me. Can you also tell me what I should be using to protect my computer in the future? Is Windows Defender sufficient? I also use SpyBot and Lavasoft Adaware, but these only scan and don't offer real-time protection.

Also FYI: I used msconfig today to try to remove a few things from the computer's startup processes. That is why you'll see some items modified recently in msconfig.


Here is log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-04 22:00:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (20%) free of 32 GB
Total RAM: 1023 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\bfgietes.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d847d31-6c98-4ba9-95c7-000d3eafc854}]
C:\WINDOWS\system32\tigujuse.dll [65535-65535-31889 61021]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A056456-FFA3-4A1E-B8F1-333D63297980}]
C:\WINDOWS\system32\wvUmllKb.dll [2009-01-03 284160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-29 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"ScreenPrint32"=C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe [2003-05-15 446464]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHmon03"=C:\WINDOWS\System32\hphmon03.exe [2001-10-25 311296]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-25 196608]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"CXMon"=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-09-19 45056]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-08-16 339968]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"vptray"=C:\PROGRA~1\SYMANT~2\VPTray.exe [2007-10-07 125368]
"UDC Integration"= []
"flockbox"=h:\My Lockbox\flockbox.exe [2007-12-14 1071472]
"Otace"=C:\WINDOWS\orakazaqa.dll [2009-01-03 135168]
"Lvetexuluqi"=C:\WINDOWS\Qqatakusadiyureg.dll [2009-01-03 40448]
"waruhevozo"=C:\WINDOWS\system32\fehodubo.dll [65535-65535-31889 61021]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-03 114688]
"0c18badd"=C:\WINDOWS\system32\tojapogu.dll [2009-01-04 83765]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"WebCamRT.exe"= []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-24 68856]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-03 114688]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c18badd]
C:\WINDOWS\system32\vonusevo.dll [2009-01-04 83756]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
H:\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2002-10-23 1163264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE [1998-12-10 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lvetexuluqi]
C:\WINDOWS\Qqatakusadiyureg.dll [2009-01-03 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
C:\Program Files\Microsoft Location Finder\LocationFinder.exe [2005-08-24 101080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otace]
C:\WINDOWS\orakazaqa.dll [2009-01-03 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe [2000-03-01 48128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe [2009-01-03 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe [2002-07-31 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE [1998-12-10 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe [2007-11-15 1212368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]
C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-29 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\waruhevozo]
C:\WINDOWS\system32\fehodubo.dll [65535-65535-31889 61021]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-19 3084288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2005-06-06 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2006-04-20 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
H:\Nikon\PICTUR~1\NKBMON~1.EXE [2004-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Billminder.lnk]
C:\QUICKENW\billmind.exe [1997-12-03 25600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
RIPBAR95.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\lepebete.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyxwut]
xxyyxwut.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= []
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUmllKb
"notification packages"=scecli
C:\WINDOWS\system32\lepebete.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"H:\Microsoft Games\Halo\halo.exe"="H:\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yasarija.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vonusevo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tojapogu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tigujuse.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lepebete.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\fehodubo.dll
2009-01-04 22:00:54 ----D---- C:\Program Files\trend micro
2009-01-04 22:00:50 ----D---- C:\rsit
2009-01-04 17:52:20 ----SH---- C:\WINDOWS\system32\ovesunov.ini
2009-01-04 01:53:56 ----A---- C:\WINDOWS\system32\pvdgmwjb.exe
2009-01-03 21:20:24 ----D---- C:\Program Files\SpyNoMore
2009-01-03 21:20:08 ----D---- C:\Program Files\Common Files\Download Manager
2009-01-03 21:08:04 ----ASH---- C:\WINDOWS\system32\ajirasay.ini
2009-01-03 20:54:29 ----A---- C:\WINDOWS\system32\msiconf.exe
2009-01-03 20:54:22 ----A---- C:\WINDOWS\system32\bgl.exe
2009-01-03 20:51:37 ----A---- C:\WINDOWS\orakazaqa.dll
2009-01-03 20:39:22 ----A---- C:\WINDOWS\Qqatakusadiyureg.dll
2009-01-03 20:39:21 ----A---- C:\WINDOWS\system32\k9261108.exe
2009-01-03 20:38:56 ----A---- C:\WINDOWS\system32\hgGabaxu.dll
2009-01-03 20:38:36 ----SH---- C:\WINDOWS\system32\gyviqrno.ini
2009-01-03 20:38:25 ----N---- C:\WINDOWS\system32\onrqivyg.dll
2009-01-03 20:35:46 ----A---- C:\WINDOWS\system32\073b7ea3-.txt
2009-01-03 20:32:30 ----A---- C:\WINDOWS\system32\ssqnOgef.dll
2009-01-03 20:32:04 ----A---- C:\WINDOWS\system32\prunnet.exe
2009-01-03 20:29:15 ----ASH---- C:\WINDOWS\system32\bKllmUvw.ini2
2009-01-03 20:29:14 ----ASH---- C:\WINDOWS\system32\bKllmUvw.ini
2009-01-03 20:29:08 ----A---- C:\WINDOWS\system32\wvUmllKb.dll
2008-12-31 17:01:51 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-31 17:01:39 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-31 17:01:13 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-31 17:01:12 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-31 17:00:47 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-31 17:00:43 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-31 17:00:40 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-31 17:00:35 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-31 17:00:32 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-31 17:00:32 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-31 17:00:29 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-31 17:00:26 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-31 17:00:24 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-31 17:00:22 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-31 17:00:20 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-31 17:00:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-31 16:59:21 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-31 16:59:18 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-31 16:59:18 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-31 16:59:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-31 16:59:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-31 16:58:50 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-29 12:00:46 ----D---- C:\Documents and Settings\Owner\Application Data\Webfoot
2008-12-28 19:48:15 ----D---- C:\Program Files\NZCSM
2008-12-27 21:02:32 ----D---- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
2008-12-16 11:20:32 ----D---- C:\Program Files\Usability Sciences
2008-12-16 11:20:32 ----A---- C:\WINDOWS\system32\WebIQEngineSetup.exe
2008-12-13 20:36:34 ----RA---- C:\WINDOWS\system32\RedEye.dll
2008-12-13 20:36:34 ----A---- C:\WINDOWS\system32\Strato4.dll
2008-12-13 20:36:34 ----A---- C:\WINDOWS\system32\StdFilters3PS.dll
2008-12-13 20:36:33 ----A---- C:\WINDOWS\system32\NEFLibrary3PS.dll
2008-12-13 20:36:33 ----A---- C:\WINDOWS\system32\CML5.dll
2008-12-13 20:36:33 ----A---- C:\WINDOWS\system32\Asteroid6.dll
2008-12-13 20:36:31 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-12-13 20:36:22 ----RA---- C:\WINDOWS\system32\RCSigProc.dll
2008-12-13 20:36:22 ----RA---- C:\WINDOWS\system32\picn1120.dll
2008-12-13 20:36:21 ----RA---- C:\WINDOWS\system32\picn1020.dll
2008-12-13 20:36:19 ----RA---- C:\WINDOWS\system32\DRAGNKL1.dll
2008-12-13 20:36:19 ----D---- C:\Documents and Settings\Owner\Application Data\Nikon
2008-12-13 20:34:33 ----D---- C:\Program Files\Common Files\Nikon
2008-12-11 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 20:36:59 ----D---- C:\Program Files\AIM Toolbar
2008-12-06 20:36:59 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2008-12-06 20:36:33 ----D---- C:\Documents and Settings\All Users\Application Data\acccore

======List of files/folders modified in the last 1 months======

2009-01-04 22:00:54 ----AD---- C:\Program Files
2009-01-04 21:58:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-04 21:46:45 ----SD---- C:\WINDOWS\Tasks
2009-01-04 21:41:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 21:08:34 ----AD---- C:\WINDOWS\system32
2009-01-04 18:50:23 ----D---- C:\WINDOWS
2009-01-04 18:46:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-04 18:45:38 ----AD---- C:\WINDOWS\Temp
2009-01-04 18:39:51 ----RASH---- C:\boot.ini
2009-01-04 18:39:51 ----A---- C:\WINDOWS\win.ini
2009-01-04 18:39:50 ----A---- C:\WINDOWS\System.ini
2009-01-04 09:24:26 ----D---- C:\WINDOWS\Prefetch
2009-01-03 22:42:06 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 21:49:25 ----D---- C:\Program Files\SpywareGuard
2009-01-03 21:20:08 ----AD---- C:\Program Files\Common Files
2009-01-03 21:07:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-03 20:24:14 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 17:02:13 ----D---- C:\WINDOWS\system32\DirectX
2008-12-31 17:02:03 ----HD---- C:\WINDOWS\inf
2008-12-31 17:00:16 ----RSD---- C:\WINDOWS\assembly
2008-12-31 16:18:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-29 11:52:08 ----D---- C:\WINDOWS\Minidump
2008-12-28 19:48:20 ----SHD---- C:\WINDOWS\Installer
2008-12-22 17:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-12-21 19:06:28 ----D---- C:\WINDOWS\pss
2008-12-21 18:47:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-21 18:47:16 ----D---- C:\Program Files\Viewpoint
2008-12-21 18:33:53 ----D---- C:\WINDOWS\system32\config
2008-12-21 18:16:03 ----D---- C:\Program Files\LimeWire
2008-12-19 18:57:19 ----D---- C:\Captures
2008-12-18 03:02:25 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 03:02:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 11:20:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 20:36:37 ----D---- C:\Temp
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 03:03:30 ----D---- C:\Program Files\Internet Explorer
2008-12-06 20:35:51 ----D---- C:\Program Files\AIM6
2008-12-06 20:35:01 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-16 16877]
S2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-10-24 455552]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-20 515803]
S2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S2 Devx;Devx; C:\WINDOWS\System32\drivers\Devx.sys [2001-09-06 4448]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 VtPr;VtPr; C:\WINDOWS\System32\drivers\VtPr.sys [2001-10-10 3328]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
S3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [2001-10-25 50704]
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [2001-10-25 15984]
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2001-10-25 50179]
S3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2001-10-25 18864]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090102.006\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090102.006\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\System32\DRIVERS\LVCD.sys [2002-06-10 39936]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-24 10986]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; H:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 593920]
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
S2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
S2 NMSAccessU;NMSAccessU; h:\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-03-03 65536]
S2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-24 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-11-03 242424]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-05 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 Pml Driver;Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [2001-10-25 77824]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------













Here is info.txt



info.txt logfile of random's system information tool 1.05 2009-01-04 22:01:07

======Uninstall list======

-->"C:\Program Files\WildGames\FATE\Uninstall.exe"
-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Dragon Castle-->C:\WINDOWS\uninst.exe -f"h:\Cosmi\3D Dragon Castle\DeIsL1.isu" -c"h:\Cosmi\3D Dragon Castle\_ISREG32.DLL"
42 Bit Scanner-->C:\PROGRA~1\42BITS~1\UNWISE.EXE C:\PROGRA~1\42BITS~1\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Premiere Elements 4.0 Templates-->msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates-->MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0-->msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AGEIA PhysX v2.5.1-->"C:\Program Files\AGEIA Technologies\uninstall.exe"
Ahead InCD EasyWrite Reader-->C:\WINDOWS\UNMrw.exe /UNINSTALL
Ahead InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AOL Instant Messenger-->C:\PROGRA~1\AIM\uninstll.exe -LOG= C:\PROGRA~1\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\Setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.0.0-->"C:\Program Files\Audacity\unins000.exe"
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44E24545-F317-4498-B7CD-240DE7BA8DE2}
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CDBurnerXP-->"h:\CDBurnerXP\unins000.exe"
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
DeepBurner v1.8.0.224-->"h:\DeepBurner\Uninstall.exe" "h:\DeepBurner\install.log"
Digital Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}\setup.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DiRT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Scanner Reference Guide-->C:\Program Files\epson\guide\uninstall.exe
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
FATE from AOL (remove only)-->"H:\FATE\Uninstall.exe"
File Renamer - Basic-->C:\WINDOWS\File Renamer - Basic Uninstaller.exe
FLV Player 2.0, build 23-->h:\FLV Player\uninst.exe
Forbidden Forest-->C:\WINDOWS\uninst.exe -f"h:\Program Files\Cosmi\Forbidden Forest\DeIsL1.isu" -c"h:\Program Files\Cosmi\Forbidden Forest\_ISREG32.DLL"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GSIM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\gsim.inf, Uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet printer preloaded drivers-->MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp photosmart 1115 series-->rundll32 hpzcon04.dll,VendorJettison hp photosmart 1115 series
hp photosmart printer series (Remove only)-->C:\Program Files\hp photosmart\printer\hphuni03.exe
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Indeo® Softw
  • 0

#4
kahdah
Posted 05 January 2009 - 07:26 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
For now because I cannot see if you use the Tea Timer with Spybot or not but it will prevent us from removing malware.
So please uninstall Sybot for now, you can re-install it later.
After that Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
tdouty
Posted 05 January 2009 - 12:37 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's the log file from ComboFix. I have temporarily disconnected the computer from the internet since the anti-virus protection is disabled.

What's next? It's still popping up windows from internet explorer that are trying to get me to click on links. It's trying to say there are viruses on it attempting to get me to click on the links to "correct" it.



ComboFix 09-01-05.01 - Owner 2009-01-05 12:01:41.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.802 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\MyWay
c:\program files\screensavers.com
c:\program files\screensavers.com\SSSInst\bin\iebyterange.xml
c:\program files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
c:\program files\screensavers.com\SSSInst\bin\SSSUninst.exe
c:\program files\screensavers.com\Wallpaper\swpstart.exe
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\system32\bKllmUvw.ini
c:\windows\system32\bKllmUvw.ini2
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaowrmwfve.sys
c:\windows\system32\hgGabaxu.dll
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\lepebete.dll
c:\windows\system32\msiconf.exe
c:\windows\system32\onrqivyg.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaoayepmdg.dll
c:\windows\system32\senekaornompxl.dll
c:\windows\system32\senekaxujyodor.dll
c:\windows\system32\ssqnOgef.dll
c:\windows\system32\wvUmllKb.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_SVCPROC
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 22:00 . 2009-01-04 22:01 <DIR> d-------- C:\rsit
2009-01-04 22:00 . 2009-01-04 22:00 <DIR> d-------- c:\program files\trend micro
2009-01-04 17:52 . 2009-01-04 17:52 120 --ahs---- c:\windows\system32\ovesunov.ini
2009-01-04 01:53 . 2009-01-04 01:53 33,832 --a------ c:\windows\system32\pvdgmwjb.exe
2009-01-03 21:22 . 2009-01-03 21:22 1,152 --a------ c:\windows\system32\windrv.sys
2009-01-03 21:20 . 2009-01-03 21:20 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-03 21:08 . 2009-01-03 21:08 1,262,075 --ahs---- c:\windows\system32\ajirasay.ini
2009-01-03 21:03 . 2009-01-03 21:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM2NjA1MDh8_
2009-01-03 21:03 . 2009-01-03 21:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2009-01-03 20:54 . 2009-01-03 20:54 82,944 --a------ c:\windows\system32\bgl.exe
2009-01-03 20:51 . 2009-01-03 20:51 135,168 --a------ c:\windows\orakazaqa.dll
2009-01-03 20:39 . 2009-01-03 20:39 40,448 --a------ c:\windows\system32\k9261108.exe
2009-01-03 20:39 . 2009-01-03 20:39 40,448 --a------ c:\windows\Qqatakusadiyureg.dll
2009-01-03 20:38 . 2009-01-03 20:38 1,307,356 --ahs---- c:\windows\system32\gyviqrno.ini
2008-12-31 17:01 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-12-31 17:01 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-12-31 17:01 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-12-31 17:01 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-31 17:00 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-31 17:00 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-31 17:00 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-31 17:00 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-12-31 17:00 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-31 17:00 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-12-31 17:00 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-12-31 17:00 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-12-31 17:00 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-29 12:00 . 2008-12-29 12:00 <DIR> d-------- c:\documents and settings\Owner\Application Data\Webfoot
2008-12-28 19:48 . 2008-12-28 19:48 <DIR> d-------- c:\program files\NZCSM
2008-12-27 21:02 . 2008-12-27 21:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Canneverbe_Limited
2008-12-16 11:20 . 2008-12-16 11:20 <DIR> d-------- c:\program files\Usability Sciences
2008-12-16 11:20 . 2008-04-15 05:58 91,520 --a------ c:\windows\system32\WebIQEngineSetup.exe
2008-12-13 20:36 . 2008-12-13 20:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Nikon
2008-12-13 20:36 . 2002-01-06 06:48 974,848 --a------ c:\windows\system32\mfc70.dll
2008-12-13 20:36 . 2004-01-29 20:12 944,640 --a------ c:\windows\system32\NEFLibrary3PS.dll
2008-12-13 20:36 . 2004-01-16 15:10 876,544 --a------ c:\windows\system32\Asteroid6.dll
2008-12-13 20:36 . 2003-12-08 11:08 495,616 -ra------ c:\windows\system32\DRAGNKL1.dll
2008-12-13 20:36 . 2004-01-27 11:00 307,200 --a------ c:\windows\system32\StdFilters3PS.dll
2008-12-13 20:36 . 2003-12-12 21:15 180,224 --a------ c:\windows\system32\Strato4.dll
2008-12-13 20:36 . 2003-12-08 11:19 151,552 -ra------ c:\windows\system32\picn1120.dll
2008-12-13 20:36 . 2003-12-08 11:19 143,360 -ra------ c:\windows\system32\picn1020.dll
2008-12-13 20:36 . 2003-12-12 21:19 139,264 --a------ c:\windows\system32\CML5.dll
2008-12-13 20:36 . 2003-12-15 16:30 98,304 -ra------ c:\windows\system32\RCSigProc.dll
2008-12-13 20:36 . 2004-01-14 09:36 52,224 -ra------ c:\windows\system32\RedEye.dll
2008-12-13 20:34 . 2008-12-13 20:38 <DIR> d-------- c:\program files\Common Files\Nikon
2008-12-06 20:36 . 2008-12-06 20:37 <DIR> d-------- c:\program files\AIM Toolbar
2008-12-06 20:36 . 2008-12-06 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-12-06 20:36 . 2008-12-06 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 15:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-05 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 02:49 --------- d-----w c:\program files\SpywareGuard
2008-12-31 21:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 19:54 31 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-12-22 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-21 23:47 --------- d-----w c:\program files\Viewpoint
2008-12-21 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-21 23:16 --------- d-----w c:\program files\LimeWire
2008-12-07 01:35 --------- d-----w c:\program files\AIM6
2008-12-07 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-03 05:31 --------- d-----w c:\documents and settings\Owner\Application Data\CoreFTP
2008-12-02 01:20 --------- d-----w c:\documents and settings\Owner\Application Data\SSH
2008-11-05 22:31 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-05-06 23:58 45,608 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-17 01:18 336 ----a-w c:\program files\temp995.bat
2008-01-08 20:16 32 ----a-r c:\documents and settings\All Users\hash.dat
1601-01-01 00:12 61,021 --sha-w c:\windows\system32\fehodubo.dll
1601-01-01 00:12 61,021 --sha-w c:\windows\system32\tigujuse.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d847d31-6c98-4ba9-95c7-000d3eafc854}]
61021 --ahs---- c:\windows\system32\tigujuse.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon03"="c:\windows\System32\hphmon03.exe" [2001-10-25 311296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2007-10-07 125368]
"flockbox"="h:\my lockbox\flockbox.exe" [2007-12-14 1071472]
"Otace"="c:\windows\orakazaqa.dll" [2009-01-03 135168]
"Lvetexuluqi"="c:\windows\Qqatakusadiyureg.dll" [2009-01-03 40448]
"waruhevozo"="c:\windows\system32\fehodubo.dll" [ 61021]
"0c18badd"="c:\windows\system32\tojapogu.dll" [2009-01-04 83765]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
RIPBAR95.exe [1996-01-07 413696]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-04-25 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-08-10 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\lepebete.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c18badd]
--ahs---- 2009-01-04 09:24 83756 c:\windows\system32\vonusevo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 h:\adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 14:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 10:08 173304 c:\program files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2002-10-23 12:40 1163264 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
--a------ 1998-12-10 12:57 37376 c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 16:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lvetexuluqi]
--a------ 2009-01-03 20:39 40448 c:\windows\Qqatakusadiyureg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 18:25 101080 c:\program files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2002-10-08 05:03 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otace]
--a------ 2009-01-03 20:51 135168 c:\windows\orakazaqa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
--a------ 2000-03-01 08:37 48128 c:\program files\ScanSoft\PaperPort\PPWEBCAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-07-31 21:28 81920 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
--a------ 1998-12-10 11:33 23040 c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 17:34 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-29 08:48 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\waruhevozo]
--ahs---- 61021 c:\windows\system32\fehodubo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-19 18:34 3084288 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\explorer.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2003-07-25 9344]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-09-12 17264]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;h:\adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2003-07-25 455552]
R4 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2003-12-29 4448]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-01 222456]
R4 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2003-12-29 3328]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-30 10986]
S4 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-30 515803]
S4 mrtRate;mrtRate; [x]
S4 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-05 c:\windows\Tasks\bfgietes.job
- c:\windows\system32\rundll32.exe [2004-08-04 02:56]

2009-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{D7F892E8-BDDA-4288-805C-5270E065024F} - c:\windows\system32\wvUmllKb.dll
WebBrowser-{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - (no file)
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKCU-Run-WebCamRT.exe - (no file)
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-UDC Integration - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
Notify-xxyyxwut - xxyyxwut.dll
MSConfigStartUp-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe
MSConfigStartUp-SNM - c:\program files\SpyNoMore\SNM.exe
MSConfigStartUp-Spam Blocker for Outlook Express - c:\progra~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.psu.edu
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search - ?p=ZJ
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\windows\Web\ERS_ENC.HTM
IE: {{240FF121-9EF3-4e9f-A397-9E189045B6A1}
Trusted Zone: free.aol.com
Trusted Zone: zone.msn.com

O16 -: DirectAnimation Java Classes - c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\RSGameLoader.dll - O16 -: RaptisoftGameLoader
hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
c:\windows\Downloaded Program Files\OSD28E7.OSD

c:\windows\Downloaded Program Files\CONFLICT.1\miniclipGameLoader.dll - O16 -: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99}
hxxp://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 -: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
c:\windows\Downloaded Program Files\ActiveLauncherCabSetup.inf

O16 -: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
c:\windows\Downloaded Program Files\sinstaller.inf

c:\windows\Downloaded Program Files\popcaploader.dll - O16 -: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
hxxp://www.popcap.com/games/popcaploader_v6.cab
c:\windows\Downloaded Program Files\popcaploader.inf
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hw7qatf8.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 12:49:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ugopajot.ini 1261090 bytes


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
h:\cdburnerxp\NMSAccessU.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\windows\system32\hphipm09.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\RIPBAR95.exe
c:\progra~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2009-01-05 13:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-05 18:08:03

Pre-Run: 9,216,933,888 bytes free
Post-Run: 9,633,464,320 bytes free

399 --- E O F --- 2009-01-05 17:39:07
  • 0

#6
kahdah
Posted 05 January 2009 - 07:57 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download this program:

submit files packer

Highlight the files listed below in bold and right-click and selecting copy.

c:\windows\system32\pvdgmwjb.exe
c:\windows\system32\bgl.exe
c:\windows\system32\k9261108.exe

Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab

Click Here to upload the files please.
==========================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\ugopajot.ini 
c:\windows\system32\ovesunov.ini
c:\windows\system32\pvdgmwjb.exe
c:\windows\system32\ajirasay.ini
c:\windows\system32\bgl.exe
c:\windows\orakazaqa.dll
c:\windows\system32\k9261108.exe
c:\windows\Qqatakusadiyureg.dll
c:\windows\system32\gyviqrno.ini
c:\program files\temp995.bat
c:\windows\system32\fehodubo.dll
c:\windows\system32\tigujuse.dll
C:\windows\Tasks\bfgietes.job


Folder::
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM2NjA1MDh8_
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
c:\program files\Viewpoint


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d847d31-6c98-4ba9-95c7-000d3eafc854}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Otace"=-
"Lvetexuluqi"=-
"waruhevozo"=-
"0c18badd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lvetexuluqi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\waruhevozo]
O16 -: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

FireFox::
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
tdouty
Posted 06 January 2009 - 05:36 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I submitted the cab file.

I'll submit the results of combofix soon. I don't have hijackthis. Do I need it and if so, where can I download it?
  • 0

#8
tdouty
Posted 06 January 2009 - 06:52 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
ComboFix rebooted the computer and has been running for over an hour. It just says "Please wait.".
  • 0

#9
kahdah
Posted 07 January 2009 - 07:15 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You can get it here:
Posted ImageClick here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Did Combofix ever finish?
  • 0

#10
tdouty
Posted 07 January 2009 - 07:44 AM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
No, I let it go all night and it still says "Please wait." this morning. If I reboot it, will ComboFix start running again and if it does, will it be running with CFScript.txt?
  • 0

Advertisements

#11
kahdah
Posted 07 January 2009 - 07:50 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Go ahead and manually stop Combofix.
Then see if a log is produced here C:\Combofix.txt or here C:\Combofix\Combofix.txt
Post it here if you find it.
  • 0

#12
tdouty
Posted 07 January 2009 - 07:35 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I manually stopped ComboFix. I found a ConboFix.txt file dated 1/6/2009 so this should be the right date; however, the log seems way too small. One thing to note is that ComboFix asked me if I wanted to update the exe before I ran it and I did so. Perhaps that was not good to do??

Here is the ComboFix.txt file:

ComboFix 09-01-05.05 - Owner 2009-01-06 18:40:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.349 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\temp995.bat
c:\windows\orakazaqa.dll
c:\windows\Qqatakusadiyureg.dll
c:\windows\system32\ajirasay.ini
c:\windows\system32\bgl.exe
c:\windows\system32\fehodubo.dll
c:\windows\system32\gyviqrno.ini
c:\windows\system32\k9261108.exe
c:\windows\system32\ovesunov.ini
c:\windows\system32\pvdgmwjb.exe
c:\windows\system32\tigujuse.dll
c:\windows\system32\ugopajot.ini
C:\windows\Tasks\bfgietes.job


I'm now going to run HijackThis and I'll post the results here when it's done.
  • 0

#13
tdouty
Posted 07 January 2009 - 07:36 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are the results of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35, on 2009-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
h:\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
H:\My Lockbox\flockbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RIPBAR95.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psu.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80107
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80107
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d847d31-6c98-4ba9-95c7-000d3eafc854} - C:\WINDOWS\system32\tuwebake.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [flockbox] h:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s
O4 - HKLM\..\Run: [CPM0f2b8941] Rundll32.exe "c:\windows\system32\watekoda.dll",a
O4 - HKLM\..\Run: [0c18badd] rundll32.exe "C:\WINDOWS\system32\manemanu.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: RIPBAR95.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://zone.msn.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\yofadiji.dll c:\windows\system32\watekoda.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\watekoda.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\watekoda.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - H:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - h:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://www.thecatgal...aying-cat-2.JPG

--
End of file - 14679 bytes
  • 0

#14
tdouty
Posted 07 January 2009 - 07:40 PM

tdouty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I just realized that Spyware Guard was running when I ran HijackThis so I exited that program and ran JijackThis again. Here are the results of that run:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38, on 2009-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
h:\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
H:\My Lockbox\flockbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RIPBAR95.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psu.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80107
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80107
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d847d31-6c98-4ba9-95c7-000d3eafc854} - C:\WINDOWS\system32\tuwebake.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [flockbox] h:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s
O4 - HKLM\..\Run: [CPM0f2b8941] Rundll32.exe "c:\windows\system32\watekoda.dll",a
O4 - HKLM\..\Run: [0c18badd] rundll32.exe "C:\WINDOWS\system32\manemanu.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [waruhevozo] Rundll32.exe "C:\WINDOWS\system32\lolepiju.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: RIPBAR95.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://zone.msn.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\yofadiji.dll c:\windows\system32\watekoda.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\watekoda.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\watekoda.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - H:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - h:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://www.thecatgal...aying-cat-2.JPG

--
End of file - 14596 bytes
  • 0

#15
kahdah
Posted 07 January 2009 - 07:41 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok because the Combofix log wasn't completed I will need for you to run Rsit again and post the log or logs it produces.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP