1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Trojan Vundo

Discussion in 'Malware and Virus Removal Archive' started by jamon08, 2008/10/10.

Page 1 of 2
  1. 2008/10/10
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    [Resolved] Trojan Vundo

    :eek: Back again, with a Trojan or two that I have tried to shake unsucessfully using symatec tools.
    Plz can the BBS team can help me ?

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by DAD at 2008-10-11 17:14:50
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (74%) free of 36 GB
    Total RAM: 223 MB (20% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:15:20 p.m., on 11/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\DAD\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\DAD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1665e80a-2dfe-4db9-a2f2-a79faee87ef4} - (no file)
    O2 - BHO: (no name) - {1764AF3F-400C-415E-9A92-67A7D55C2C71} - C:\WINDOWS\system32\pmnmlljk.dll (file missing)
    O2 - BHO: (no name) - {1C930E77-1B7D-46F3-8E04-B6215A3458D7} - (no file)
    O2 - BHO: (no name) - {2A18B67E-21CE-419B-9BC0-AA5187D45014} - (no file)
    O2 - BHO: (no name) - {42FA0E33-AABF-4962-9262-466000BFB4F2} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {56eeaca5-50d3-43f5-9649-feaef9bbf661} - (no file)
    O2 - BHO: (no name) - {58F6BFF8-1985-4E61-9374-AC310765F09B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {76610731-2FA2-40EC-9DEA-C7BF66B08901} - (no file)
    O2 - BHO: (no name) - {A2CE7C16-618F-4E4A-A1F2-E46F40987F85} - (no file)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {D68D6474-5F82-48BD-B9E0-363DDBA0FA2C} - (no file)
    O2 - BHO: (no name) - {E639B201-1432-4E21-BA71-4F0F3D74A308} - (no file)
    O2 - BHO: (no name) - {E9957AAD-F7CC-47EF-8A72-E85C6634E36E} - C:\WINDOWS\system32\ljJCspqP.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O20 - AppInit_DLLs: cjnikt.dll rwgjzd.dll utapqi.dll
    O20 - Winlogon Notify: pmnmlljk - pmnmlljk.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9669 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - DAD.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1665e80a-2dfe-4db9-a2f2-a79faee87ef4}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1764AF3F-400C-415E-9A92-67A7D55C2C71}]
    C:\WINDOWS\system32\pmnmlljk.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C930E77-1B7D-46F3-8E04-B6215A3458D7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A18B67E-21CE-419B-9BC0-AA5187D45014}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42FA0E33-AABF-4962-9262-466000BFB4F2}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56eeaca5-50d3-43f5-9649-feaef9bbf661}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F6BFF8-1985-4E61-9374-AC310765F09B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76610731-2FA2-40EC-9DEA-C7BF66B08901}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2CE7C16-618F-4E4A-A1F2-E46F40987F85}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
    CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-06 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D68D6474-5F82-48BD-B9E0-363DDBA0FA2C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E639B201-1432-4E21-BA71-4F0F3D74A308}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9957AAD-F7CC-47EF-8A72-E85C6634E36E}]
    C:\WINDOWS\system32\ljJCspqP.dll [2008-09-28 284160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "=Alaunch []
    "SiSPower "=C:\WINDOWS\system32\SiSPower.dll [2005-07-13 49152]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2005-12-14 577536]
    "SMSERIAL "=C:\WINDOWS\sm56hlpr.exe [2005-06-06 544768]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 53096]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Symantec PIF AlertEng "=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "320d18a1 "=C:\WINDOWS\system32\ygmelsys.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-30 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "cjnikt.dll rwgjzd.dll utapqi.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmlljk]
    pmnmlljk.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1764AF3F-400C-415E-9A92-67A7D55C2C71} "=C:\WINDOWS\system32\pmnmlljk.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    C:\WINDOWS\system32\ljJCspqP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\System32\lexpps.exe "= "C:\WINDOWS\System32\lexpps.exe:*:Disabled:LEXPPS.EXE "
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe "= "C:\Program Files\Acer\Acer eConsole\MediaSync.exe:*:Disabled:Media Synchronizer "
    "C:\WINDOWS\System32\dpvsetup.exe "= "C:\WINDOWS\System32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test "
    "C:\WINDOWS\system32\sessmgr.exe "= "C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe "= "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "
    "C:\Program Files\Messenger\MSMSGS.EXE "= "C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\WINDOWS\System32\rundll32.exe "= "C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "

    ======List of files/folders created in the last 3 months======

    2008-10-11 17:14:50 ----D---- C:\rsit
    2008-10-11 16:14:21 ----SH---- C:\WINDOWS\system32\qjwlncny.ini
    2008-10-11 16:13:58 ----A---- C:\WINDOWS\system32\yncnlwjq.dll
    2008-10-11 16:11:40 ----A---- C:\WINDOWS\system32\gmwehhah.dll
    2008-10-11 16:11:35 ----A---- C:\WINDOWS\system32\utapqi.dll
    2008-10-11 16:11:16 ----A---- C:\WINDOWS\system32\qmqdtcmn.dll
    2008-10-10 07:55:04 ----SH---- C:\WINDOWS\system32\syslemgy.ini
    2008-10-10 07:49:43 ----A---- C:\WINDOWS\system32\slkyzs.dll
    2008-10-10 07:49:22 ----A---- C:\WINDOWS\system32\rewjclog.dll
    2008-10-08 19:45:50 ----A---- C:\WINDOWS\system32\rwgjzd.dll
    2008-10-08 19:45:29 ----A---- C:\WINDOWS\system32\lxyhmkpw.dll
    2008-10-08 19:41:00 ----SH---- C:\WINDOWS\system32\oncvmcox.ini
    2008-10-08 19:40:49 ----A---- C:\WINDOWS\system32\xocmvcno.dll
    2008-10-06 10:49:44 ----A---- C:\WINDOWS\system32\ghexqe.dll
    2008-10-06 10:49:25 ----A---- C:\WINDOWS\system32\awwioihu.dll
    2008-10-06 10:46:24 ----SH---- C:\WINDOWS\system32\yplgbvct.ini
    2008-10-06 10:43:25 ----A---- C:\WINDOWS\system32\ylkdkugu.dll
    2008-10-06 09:40:53 ----SH---- C:\WINDOWS\system32\ainsaenn.ini
    2008-10-06 09:40:53 ----A---- C:\WINDOWS\system32\yyhvhiwe.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\yxdpgx.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\wdhhcoao.dll
    2008-10-06 09:35:35 ----A---- C:\WINDOWS\system32\vlpqoniq.dll
    2008-10-05 09:23:54 ----A---- C:\WINDOWS\system32\kkhkth.dll
    2008-10-05 09:23:35 ----A---- C:\WINDOWS\system32\sjrehsyq.dll
    2008-10-05 09:20:51 ----SH---- C:\WINDOWS\system32\hdgawkea.ini
    2008-10-05 09:20:29 ----A---- C:\WINDOWS\system32\aekwagdh.dll
    2008-10-05 09:18:05 ----A---- C:\WINDOWS\system32\ahfgwxfv.dll
    2008-10-05 09:17:20 ----A---- C:\WINDOWS\system32\iiedhcyh.dll
    2008-10-05 08:19:41 ----A---- C:\WINDOWS\system32\sdhcpytc.dll
    2008-10-05 08:16:57 ----SH---- C:\WINDOWS\system32\pxknsocm.ini
    2008-10-05 08:16:41 ----A---- C:\WINDOWS\system32\mcosnkxp.dll
    2008-10-04 06:58:14 ----A---- C:\WINDOWS\system32\vuyees.dll
    2008-10-04 06:57:24 ----A---- C:\WINDOWS\system32\fajldpyi.dll
    2008-10-04 06:57:18 ----SH---- C:\WINDOWS\system32\jhlveddv.ini
    2008-10-04 06:57:04 ----A---- C:\WINDOWS\system32\vddevlhj.dll
    2008-10-04 06:54:40 ----A---- C:\WINDOWS\system32\ugldmuwx.dll
    2008-10-03 11:01:01 ----A---- C:\WINDOWS\system32\mcrh.tmp
    2008-10-02 18:01:44 ----SHD---- C:\FOUND.009
    2008-10-02 06:16:07 ----A---- C:\WINDOWS\wininit.ini
    2008-10-01 21:56:52 ----A---- C:\WINDOWS\system32\kxqtty.dll
    2008-10-01 21:55:05 ----A---- C:\WINDOWS\system32\fflpsicf.dll
    2008-10-01 21:52:42 ----A---- C:\WINDOWS\system32\ykqmjkin.dll
    2008-10-01 21:52:33 ----SH---- C:\WINDOWS\system32\rbufbice.ini
    2008-10-01 21:50:17 ----A---- C:\WINDOWS\system32\ecibfubr.dll
    2008-09-30 19:39:56 ----SHD---- C:\FOUND.008
    2008-09-30 17:31:02 ----A---- C:\WINDOWS\system32\rowsokyw.dll
    2008-09-30 17:28:24 ----SH---- C:\WINDOWS\system32\xhdhdgfv.ini
    2008-09-28 20:24:25 ----A---- C:\WINDOWS\system32\bskjpi.dll
    2008-09-28 20:23:50 ----A---- C:\WINDOWS\system32\mfymbvqv.dll
    2008-09-28 20:21:07 ----SH---- C:\WINDOWS\system32\fowoaayr.ini
    2008-09-28 20:20:32 ----A---- C:\WINDOWS\system32\aaqrmhnc.dll
    2008-09-28 19:56:20 ----SHD---- C:\FOUND.007
    2008-09-28 18:18:50 ----A---- C:\WINDOWS\system32\cjnikt.dll
    2008-09-28 18:18:29 ----A---- C:\WINDOWS\system32\lbcaedoa.dll
    2008-09-28 18:15:29 ----A---- C:\WINDOWS\system32\lagkrmxa.dll
    2008-09-28 18:12:51 ----SH---- C:\WINDOWS\system32\jmvpkshp.ini
    2008-09-28 17:40:37 ----A---- C:\WINDOWS\system32\aldied.dll
    2008-09-28 17:40:36 ----A---- C:\WINDOWS\system32\yflwqujh.dll
    2008-09-28 17:37:33 ----SH---- C:\WINDOWS\system32\ogovpqli.ini
    2008-09-28 17:34:34 ----A---- C:\WINDOWS\system32\ykkqngeg.dll
    2008-09-28 15:11:25 ----SH---- C:\WINDOWS\system32\luqnhfki.ini
    2008-09-28 15:10:50 ----A---- C:\WINDOWS\system32\rcmqjq.dll
    2008-09-28 15:10:18 ----A---- C:\WINDOWS\system32\nojkphne.dll
    2008-09-28 14:31:35 ----A---- C:\WINDOWS\system32\einmcsnl.dll
    2008-09-28 14:30:46 ----A---- C:\WINDOWS\BM313e2b3d.txt
    2008-09-28 14:29:38 ----A---- C:\WINDOWS\system32\392edcdf-.txt
    2008-09-28 14:28:32 ----ASH---- C:\WINDOWS\system32\PqpsCJjl.ini2
    2008-09-28 14:28:31 ----ASH---- C:\WINDOWS\system32\PqpsCJjl.ini
    2008-09-28 14:27:05 ----A---- C:\WINDOWS\system32\ljJCspqP.dll
    2008-09-28 14:22:24 ----D---- C:\WINDOWS\system32\mC02
    2008-09-28 14:22:24 ----D---- C:\Temp
    2008-09-28 14:21:48 ----A---- C:\WINDOWS\system32\jkkHwxYO.dll
    2008-09-24 15:49:13 ----D---- C:\WINDOWS\UbiSoft
    2008-09-18 14:15:39 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-18 14:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-18 14:13:00 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-18 11:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-18 11:53:14 ----D---- C:\Program Files\NOS
    2008-09-12 19:28:39 ----D---- C:\Documents and Settings\DAD\Application Data\Big Fish Games
    2008-09-10 19:01:18 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 19:00:45 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-15 19:10:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 19:10:28 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 19:10:13 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 19:09:48 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 19:05:45 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 19:05:18 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 19:02:21 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-10 18:57:49 ----D---- C:\Program Files\U.B. Funkeys
    2008-07-16 22:13:54 ----D---- C:\Program Files\Sun
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-11 16:40:30 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2008-10-11 16:30:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-11 16:03:42 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-08 22:09:06 ----RASH---- C:\boot.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\win.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\system.ini
    2008-10-05 08:45:08 ----A---- C:\WINDOWS\LEXSTAT.INI
    2008-09-10 19:01:00 ----A---- C:\WINDOWS\imsins.BAK
    2008-08-27 08:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 23:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081010.004\NAVENG.Sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081010.004\NavEx15.Sys []
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-10-19 6144]
    R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081009.001\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-09-19 492592]
    S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-09-19 816704]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-09-19 113520]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0; C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-03-25 24144]
    S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-08-10 186592]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 191848]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 169320]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
    R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-23 46704]
    R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
    R2 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-11-03 1160848]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-04 520192]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
    S3 SAVScan;Symantec AVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-12-19 198416]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------



    Cheers:)
     
    jamon08,
    #1
  2. 2008/10/10
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Part 2

    info.txt logfile of random's system information tool 1.04 2008-10-11 17:15:29

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x9 -uninst
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar5.dll "
    GX15_GX-T15_GX-L15 USB-Handset Manager-->C:\WINDOWS\USBGX15phmgunin.exe C:\Program Files\GX15_GX-T15_GX-L15 USB-Handset Manager\FileList.ini
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB893357)--> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB914440)--> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB926239)--> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_dc4fc7\Setup.exe /APR-REMOVE
    Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
    LimeWire PRO 4.14.12--> "C:\Program Files\LimeWire\uninstall.exe "
    LiveUpdate 3.0 (Symantec Corporation)--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    NAVShortcut-->MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
    netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
    Norton AntiVirus 2006 (Symantec Corporation)--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
    Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB883939)--> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB890046)--> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893066)--> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896422)--> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896424)--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899588)--> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901190)--> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB903235)--> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905915)--> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB912919)--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB916281)--> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917159)--> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917422)--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918899)--> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920214)--> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921398)--> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921883)--> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922616)--> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922760)--> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923694)--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924191)--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925454)--> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925486)--> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHARP GSM GPRS USB Driver Ver2.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3D4B89AC-B4B3-47D4-8CEE-85390508F3D6} /l1033
    SHARP GSM GPRS Wizard Ver4.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D0F38BEC-C3ED-4620-A4A8-FFB4993BA297} /l1033
    SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
    SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
    skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
    Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Update for Windows XP (KB896727)--> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe "
    Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
    Update for Windows XP (KB904942)--> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe "
    Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
    Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
    Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
    Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
    Update for Windows XP (KB929338)--> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
    Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
    Update for Windows XP (KB931836)--> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
    Update for Windows XP (KB932823-v3)--> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe "
    Update for Windows XP (KB933360)--> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe "
    Update for Windows XP (KB936357)--> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe "
    Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
    Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB890923--> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Hotfix - KB893086--> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe "
    WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

    =====HijackThis Backups=====

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab

    ======Hosts File======

    127.0.0.1 localhost
    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Norton AntiVirus 2006
    FW: Norton Internet Worm Protection

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION "=0409
    "NUMBER_OF_PROCESSORS "=1
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP

    -----------------EOF-----------------
    cheers
     
    jamon08,
    #2


  3. to hide this advert.

  4. 2008/10/11
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HJT log and start a new topic.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close every window that is open later in the fix.


    Welcome




    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

    # Open Spybot Search & Destroy.
    # In the Mode menu click "Advanced mode" if not already selected.
    # Choose "Yes" at the Warning prompt.
    # Expand the "Tools" menu.
    # Click "Resident ".
    # Uncheck the "Resident "TeaTimer" (Protection of overall system settings)
    active." box.
    # In the File menu click "Exit" to exit Spybot Search & Destroy.

    * See this link for a tutorial http://russelltexas.com/malware/teatimer.htm




    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


    O2 - BHO: (no name) - {1665e80a-2dfe-4db9-a2f2-a79faee87ef4} - (no file)
    O2 - BHO: (no name) - {1764AF3F-400C-415E-9A92-67A7D55C2C71} - C:\WINDOWS\system32\pmnmlljk.dll (file missing)
    O2 - BHO: (no name) - {1C930E77-1B7D-46F3-8E04-B6215A3458D7} - (no file)
    O2 - BHO: (no name) - {2A18B67E-21CE-419B-9BC0-AA5187D45014} - (no file)
    O2 - BHO: (no name) - {42FA0E33-AABF-4962-9262-466000BFB4F2} - (no file)
    O2 - BHO: (no name) - {56eeaca5-50d3-43f5-9649-feaef9bbf661} - (no file)
    O2 - BHO: (no name) - {58F6BFF8-1985-4E61-9374-AC310765F09B} - (no file)
    O2 - BHO: (no name) - {76610731-2FA2-40EC-9DEA-C7BF66B08901} - (no file)
    O2 - BHO: (no name) - {A2CE7C16-618F-4E4A-A1F2-E46F40987F85} - (no file)
    O2 - BHO: (no name) - {D68D6474-5F82-48BD-B9E0-363DDBA0FA2C} - (no file)
    O2 - BHO: (no name) - {E639B201-1432-4E21-BA71-4F0F3D74A308} - (no file)
    O2 - BHO: (no name) - {E9957AAD-F7CC-47EF-8A72-E85C6634E36E} - C:\WINDOWS\system32\ljJCspqP.dll
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O20 - AppInit_DLLs: cjnikt.dll rwgjzd.dll utapqi.dll
    O20 - Winlogon Notify: pmnmlljk - pmnmlljk.dll (file missing)



    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    In your next reply post:
    Malwarebytes' Anti-Malware
    New HJT log
     
    Juliet,
    #3
  5. 2008/10/11
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Hi Juliet,

    as requested..

    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2

    12/10/2008 2:42:51 p.m.
    mbam-log-2008-10-12 (14-42-51).txt

    Scan type: Quick Scan
    Objects scanned: 46336
    Time elapsed: 5 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 12
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 27

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\ljJCspqP.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cjnikt.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmlljk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1764af3f-400c-415e-9a92-67a7d55c2c71} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecaedf43-3386-4496-84e1-e552cc48ecb8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{ecaedf43-3386-4496-84e1-e552cc48ecb8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6179f921-6158-4d69-bbdf-950c632c24c6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{873f1a78-33f5-4be4-a1ac-933b5d83bb02} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjcspqp -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjcspqp -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\pmnmlljk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJCspqP.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\PqpsCJjl.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\PqpsCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vddevlhj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jhlveddv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcosnkxp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pxknsocm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ecibfubr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rbufbice.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aekwagdh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hdgawkea.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xocmvcno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oncvmcox.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yncnlwjq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qjwlncny.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nojkphne.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rcmqjq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yflwqujh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aldied.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mfymbvqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bskjpi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lbcaedoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cjnikt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:48 p.m., on 12/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8194 bytes

    How it looking ?

    Jay:)
     
    jamon08,
    #4
  6. 2008/10/11
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    It took out a chunk didn't it...

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close every window that is open later in the fix.


    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.





    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\



    NEXT**
    Go to Start > Control Panel > Internet Options
    In the General tab, Temporary Internet Files, click:Delete Files When prompted, check:Delete all offline content
    You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
    Click OK

    For I.E. 7 - under Browsing History, click delete... Under Temporary Internet Files, click Delete files...

    Then, go to Start >Run and enter: cleanmgr
    Select the drive to clean: C:\
    Check the following boxes and then press OK to remove:
    Temporary Files
    Temporary Internet Files
    RecycleBin
    Agree to the prompt to perform the action...


    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache
    The rest are optional - if you want to remove the lot, check "Select All ".
    Finally click Empty Selected. When you get the "Done Cleaning " message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.





    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    [*]The program will install and then begin downloading the latest definition
    files.
    [*]After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    [*]This will start the program and scan your system.
    [*]The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    [*]Once the scan is complete, click on View scan report To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in
    your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%    .)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419




    NEXT**
    [*]Double click on RSIT.exe to run RSIT.
    [*]Click Continue at the disclaimer screen.
    [*]Once it has finished, two logs will open. Please post the contents of the log.txt




    In your next reply post:
    Kaspersky log
    RSIT log.txt
    New HJT log taken after the above scan has run

    Please give me an update on how the computer is at the moment.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
    Juliet,
    #5
  7. 2008/10/12
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Hi Juliet,
    Can I have some help with the Kaspersky Online Scanner, it would not give me the "accept " option, it said I needed Java Version 1.5 or newer but I'm sure I have Version 6, or it was the fact I hadn't disabled Spybot (# Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box) or Norton properly (Turned off firewall, Auto Protect and Updates).
    What am I doing wrong ?
    J
     
    Last edited: 2008/10/12
    jamon08,
    #6
  8. 2008/10/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    It's possible Norton interfered here but we can't say.

    Go to add/remove programs and see if Kaspersky is listed in any way and if it is select remove.

    Now disable TeaTimer and Norton and try this link

    http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html


    If it still wont run we'll try another.

    Let's try another online scan with Panda ActiveScan

    * Click on Scan Your PC Now
    * A "pop up" window will appear, or a new tab will open.
    * Click on Register
    * Choose the option you like most, but we recommend the Free Registration.
    * Click on Register [​IMG]
    * Enter your e-mail address, and create a password.
    * Select "I do not want to receive any type of information ". (unless you want to receive such information)
    * Click on Send
    * Confirm registration, and continue by entering your user name and password, then click on Enter
    * Select Full Scan, then Click on Scan Now
    * Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    * If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    * Please ignore the offer to buy the program.
    Click on Export To [​IMG]

    * Export the log and save it to your desktop.
    Please post this report in your next reply.

    * Turn off the real time scanner of any existing antivirus program while performing the online scan
     
    Juliet,
    #7
  9. 2008/10/12
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Hi Juliet,
    I tried the Kaspersky scan, but it said "license had expired ", so I used Panda ActiveScan. It found a 14 baddies but only dealt to 3.

    I see the following keep reappearing even after I had fixed a couple of times..
    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    Logs attached

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:09:04 a.m., on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8342 bytes
     
    jamon08,
    #8
  10. 2008/10/12
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Part 2

    Logfile of random's system information tool 1.04 (written by random/random    )
    Run by DAD at 2008-10-13 06:07:47
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (76%) free of 36 GB
    Total RAM: 223 MB (41% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:07:58 a.m., on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\DAD\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\DAD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8383 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - DAD.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
    CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-06 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "=Alaunch []
    "SiSPower "=C:\WINDOWS\system32\SiSPower.dll [2005-07-13 49152]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2005-12-14 577536]
    "SMSERIAL "=C:\WINDOWS\sm56hlpr.exe [2005-06-06 544768]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 53096]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Symantec PIF AlertEng "=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "320d18a1 "=C:\WINDOWS\system32\ygmelsys.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-30 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1764AF3F-400C-415E-9A92-67A7D55C2C71} "= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\System32\lexpps.exe "= "C:\WINDOWS\System32\lexpps.exe:*:Disabled:LEXPPS.EXE "
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe "= "C:\Program Files\Acer\Acer eConsole\MediaSync.exe:*:Disabled:Media Synchronizer "
    "C:\WINDOWS\System32\dpvsetup.exe "= "C:\WINDOWS\System32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test "
    "C:\WINDOWS\system32\sessmgr.exe "= "C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe "= "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "
    "C:\Program Files\Messenger\MSMSGS.EXE "= "C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\WINDOWS\System32\rundll32.exe "= "C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "

    ======List of files/folders created in the last 3 months======

    2008-10-13 03:10:22 ----D---- C:\Program Files\Panda Security
    2008-10-13 02:48:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-13 02:48:16 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2008-10-13 02:42:10 ----D---- C:\WINDOWS\LastGood
    2008-10-12 14:23:07 ----D---- C:\Documents and Settings\DAD\Application Data\Malwarebytes
    2008-10-12 14:22:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 14:22:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 17:14:50 ----D---- C:\rsit
    2008-10-11 16:11:40 ----A---- C:\WINDOWS\system32\gmwehhah.dll
    2008-10-10 07:55:04 ----SH---- C:\WINDOWS\system32\syslemgy.ini
    2008-10-10 07:49:43 ----A---- C:\WINDOWS\system32\slkyzs.dll
    2008-10-10 07:49:22 ----A---- C:\WINDOWS\system32\rewjclog.dll
    2008-10-08 19:45:50 ----A---- C:\WINDOWS\system32\rwgjzd.dll
    2008-10-08 19:45:29 ----A---- C:\WINDOWS\system32\lxyhmkpw.dll
    2008-10-06 10:49:44 ----A---- C:\WINDOWS\system32\ghexqe.dll
    2008-10-06 10:49:25 ----A---- C:\WINDOWS\system32\awwioihu.dll
    2008-10-06 10:46:24 ----SH---- C:\WINDOWS\system32\yplgbvct.ini
    2008-10-06 09:40:53 ----SH---- C:\WINDOWS\system32\ainsaenn.ini
    2008-10-06 09:40:53 ----A---- C:\WINDOWS\system32\yyhvhiwe.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\yxdpgx.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\wdhhcoao.dll
    2008-10-06 09:35:35 ----A---- C:\WINDOWS\system32\vlpqoniq.dll
    2008-10-05 09:23:54 ----A---- C:\WINDOWS\system32\kkhkth.dll
    2008-10-05 09:23:35 ----A---- C:\WINDOWS\system32\sjrehsyq.dll
    2008-10-05 09:17:20 ----A---- C:\WINDOWS\system32\iiedhcyh.dll
    2008-10-05 08:19:41 ----A---- C:\WINDOWS\system32\sdhcpytc.dll
    2008-10-04 06:58:14 ----A---- C:\WINDOWS\system32\vuyees.dll
    2008-10-04 06:57:24 ----A---- C:\WINDOWS\system32\fajldpyi.dll
    2008-10-04 06:54:40 ----A---- C:\WINDOWS\system32\ugldmuwx.dll
    2008-10-02 18:01:44 ----SHD---- C:\FOUND.009
    2008-10-02 06:16:07 ----A---- C:\WINDOWS\wininit.ini
    2008-09-30 19:39:56 ----SHD---- C:\FOUND.008
    2008-09-30 17:31:02 ----A---- C:\WINDOWS\system32\rowsokyw.dll
    2008-09-30 17:28:24 ----SH---- C:\WINDOWS\system32\xhdhdgfv.ini
    2008-09-28 20:21:07 ----SH---- C:\WINDOWS\system32\fowoaayr.ini
    2008-09-28 19:56:20 ----SHD---- C:\FOUND.007
    2008-09-28 18:12:51 ----SH---- C:\WINDOWS\system32\jmvpkshp.ini
    2008-09-28 17:37:33 ----SH---- C:\WINDOWS\system32\ogovpqli.ini
    2008-09-28 17:34:34 ----A---- C:\WINDOWS\system32\ykkqngeg.dll
    2008-09-28 15:11:25 ----SH---- C:\WINDOWS\system32\luqnhfki.ini
    2008-09-28 14:29:38 ----A---- C:\WINDOWS\system32\392edcdf-.txt
    2008-09-28 14:22:24 ----D---- C:\WINDOWS\system32\mC02
    2008-09-28 14:22:24 ----D---- C:\Temp
    2008-09-28 14:21:48 ----A---- C:\WINDOWS\system32\jkkHwxYO.dll
    2008-09-24 15:49:13 ----D---- C:\WINDOWS\UbiSoft
    2008-09-18 14:15:39 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-18 14:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-18 14:13:00 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-18 11:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-18 11:53:14 ----D---- C:\Program Files\NOS
    2008-09-12 19:28:39 ----D---- C:\Documents and Settings\DAD\Application Data\Big Fish Games
    2008-09-10 19:01:18 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 19:00:45 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-15 19:10:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 19:10:28 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 19:10:13 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 19:09:48 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 19:05:45 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 19:05:18 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 19:02:21 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-10 18:57:49 ----D---- C:\Program Files\U.B. Funkeys
    2008-07-16 22:13:54 ----D---- C:\Program Files\Sun
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-13 02:29:24 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2008-10-12 19:52:34 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-12 18:06:04 ----A---- C:\WINDOWS\LEXSTAT.INI
    2008-10-11 16:03:42 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-08 22:09:06 ----RASH---- C:\boot.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\win.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\system.ini
    2008-09-10 19:01:00 ----A---- C:\WINDOWS\imsins.BAK
    2008-08-27 08:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 23:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081011.003\NAVENG.Sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081011.003\NavEx15.Sys []
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-10-19 6144]
    R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081009.001\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-09-19 492592]
    S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-09-19 816704]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-09-19 113520]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0; C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-03-25 24144]
    S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-08-10 186592]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 191848]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 169320]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
    R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-23 46704]
    R2 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-11-03 1160848]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
    R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-04 520192]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
    S3 SAVScan;Symantec AVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-12-19 198416]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
     
    jamon08,
    #9
  11. 2008/10/12
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Part 3


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-10-13 06:00:21
    PROTECTIONS: 1
    MALWARE: 12
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Norton Antivirus 2007 12.8.0.4 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\DAD\Cookies\dad@tribalfusion[2].txt
    00397125 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000106.DLL
    00397125 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000105.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000107.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000101.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000104.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000102.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000103.DLL
    00399487 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000119.DLL
    00403127 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\FAJLDPYI.DLL
    00403127 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\VUYEES.DLL
    00403171 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\UGLDMUWX.DLL
    00403845 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\SJREHSYQ.DLL
    00403845 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\KKHKTH.DLL
    00403845 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\YXDPGX.DLL
    00403845 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WDHHCOAO.DLL
    00404328 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\jkkHwxYO.dll
    01895148 Malicious Packer SecRisk No 0 Yes No C:\WINDOWS\SYSTEM32\GMWEHHAH.DLL
    01895148 Malicious Packer SecRisk No 0 Yes No C:\WINDOWS\SYSTEM32\YYHVHIWE.DLL
    01895148 Malicious Packer SecRisk No 0 Yes No C:\WINDOWS\SYSTEM32\YKKQNGEG.DLL
    01895148 Malicious Packer SecRisk No 0 Yes No C:\WINDOWS\SYSTEM32\ROWSOKYW.DLL
    01895148 Malicious Packer SecRisk No 0 Yes No C:\WINDOWS\SYSTEM32\SDHCPYTC.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\EINMCSNL.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\YLKDKUGU.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\AAQRMHNC.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\AHFGWXFV.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\LAGKRMXA.DLL
    03800512 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\YKQMJKIN.DLL
    03830090 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\VLPQONIQ.DLL
    03830090 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\IIEDHCYH.DLL
    03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1\A0000110.SYS
    03858066 Trj/Downloader.MDW Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\KXQTTY.DLL
    03858066 Trj/Downloader.MDW Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\FFLPSICF.DLL
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location U
    ;===================================================================================================================================================================================
    No C:\WINDOWS\SYSTEM32\AWWIOIHU.DLL U
    No C:\WINDOWS\SYSTEM32\GHEXQE.DLL U
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description U
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    Cheers:)
     
    jamon08,
    #10
  12. 2008/10/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    We wont worry about the files found in system restore till later.

    Please Disable TeaTimer



    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore "), please navigate to and delete the following files/folders in bold If found
    C:\WINDOWS\system32\ygmelsys.dll


    Next, launch Notepad, (Start > Run, type in: notepad) copy and paste next present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop. It should look like this: [​IMG]
    Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK ". You should receive a message that it was successful. You may delete the file afterwards


    Now please reboot your machine.


    NEXT**
    Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it.

      * Copy the lines in the Quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    • Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move " window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.

      # Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
      # Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
      C:\_OTMoveIt2\MovedFiles\********_******.log
      (where "********_******" is the "date_time ")
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




    NEXT**

    [*]Double click on RSIT.exe to run RSIT.

    [*]Click Continue at the disclaimer screen.

    [*]Once it has finished, two logs will open. Please post the contents of the log.txt


    In your next reply post:
    RSIT log.txt
    OTMoveIt3 log
    New HJT log

    Can you give me an update on the machine at the moment.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
    Last edited: 2008/10/13
    Juliet,
    #11
  13. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Hi,
    By the way things are way better than they were, just a few little freaky things happening, that I'm sure your going to sort...
    Error: Unable to interpret <C:\WINDOWS\system32\gmwehhah.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\syslemgy.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\slkyzs.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\rewjclog.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\rwgjzd.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\lxyhmkpw.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ghexqe.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\awwioihu.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\yplgbvct.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ainsaenn.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\yyhvhiwe.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\yxdpgx.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\wdhhcoao.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\vlpqoniq.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\kkhkth.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\sjrehsyq.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\iiedhcyh.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\sdhcpytc.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\vuyees.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\fajldpyi.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ugldmuwx.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\rowsokyw.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\xhdhdgfv.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\fowoaayr.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\jmvpkshp.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ogovpqli.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ykkqngeg.dll> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\luqnhfki.ini> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\392edcdf-.txt> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\mC02 > in the current context!

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10132008_183421
     
    jamon08,
    #12
  14. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Part 2
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by DAD at 2008-10-13 18:41:16
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (76%) free of 36 GB
    Total RAM: 223 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:43 p.m., on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\DAD\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\DAD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9046 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - DAD.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B20610F-D864-49E5-BE89-694B5379BE6B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
    CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-06 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECAEDF43-3386-4496-84E1-E552CC48ECB8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2006-10-12 2108480]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "=Alaunch []
    "SiSPower "=C:\WINDOWS\system32\SiSPower.dll [2005-07-13 49152]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2005-12-14 577536]
    "SMSERIAL "=C:\WINDOWS\sm56hlpr.exe [2005-06-06 544768]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 53096]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Symantec PIF AlertEng "=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "320d18a1 "=C:\WINDOWS\system32\ygmelsys.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-30 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmlljk]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1764AF3F-400C-415E-9A92-67A7D55C2C71} "= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\System32\lexpps.exe "= "C:\WINDOWS\System32\lexpps.exe:*:Disabled:LEXPPS.EXE "
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe "= "C:\Program Files\Acer\Acer eConsole\MediaSync.exe:*:Disabled:Media Synchronizer "
    "C:\WINDOWS\System32\dpvsetup.exe "= "C:\WINDOWS\System32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test "
    "C:\WINDOWS\system32\sessmgr.exe "= "C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe "= "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "
    "C:\Program Files\Messenger\MSMSGS.EXE "= "C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\WINDOWS\System32\rundll32.exe "= "C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "

    ======List of files/folders created in the last 3 months======

    2008-10-13 18:34:21 ----D---- C:\_OTMoveIt
    2008-10-13 03:10:22 ----D---- C:\Program Files\Panda Security
    2008-10-13 02:48:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-13 02:48:16 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2008-10-12 14:23:07 ----D---- C:\Documents and Settings\DAD\Application Data\Malwarebytes
    2008-10-12 14:22:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 14:22:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 17:14:50 ----D---- C:\rsit
    2008-10-11 16:11:40 ----A---- C:\WINDOWS\system32\gmwehhah.dll
    2008-10-10 07:55:04 ----SH---- C:\WINDOWS\system32\syslemgy.ini
    2008-10-10 07:49:43 ----A---- C:\WINDOWS\system32\slkyzs.dll
    2008-10-10 07:49:22 ----A---- C:\WINDOWS\system32\rewjclog.dll
    2008-10-08 19:45:50 ----A---- C:\WINDOWS\system32\rwgjzd.dll
    2008-10-08 19:45:29 ----A---- C:\WINDOWS\system32\lxyhmkpw.dll
    2008-10-06 10:49:44 ----A---- C:\WINDOWS\system32\ghexqe.dll
    2008-10-06 10:49:25 ----A---- C:\WINDOWS\system32\awwioihu.dll
    2008-10-06 10:46:24 ----SH---- C:\WINDOWS\system32\yplgbvct.ini
    2008-10-06 09:40:53 ----SH---- C:\WINDOWS\system32\ainsaenn.ini
    2008-10-06 09:40:53 ----A---- C:\WINDOWS\system32\yyhvhiwe.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\yxdpgx.dll
    2008-10-06 09:37:24 ----A---- C:\WINDOWS\system32\wdhhcoao.dll
    2008-10-06 09:35:35 ----A---- C:\WINDOWS\system32\vlpqoniq.dll
    2008-10-05 09:23:54 ----A---- C:\WINDOWS\system32\kkhkth.dll
    2008-10-05 09:23:35 ----A---- C:\WINDOWS\system32\sjrehsyq.dll
    2008-10-05 09:17:20 ----A---- C:\WINDOWS\system32\iiedhcyh.dll
    2008-10-05 08:19:41 ----A---- C:\WINDOWS\system32\sdhcpytc.dll
    2008-10-04 06:58:14 ----A---- C:\WINDOWS\system32\vuyees.dll
    2008-10-04 06:57:24 ----A---- C:\WINDOWS\system32\fajldpyi.dll
    2008-10-04 06:54:40 ----A---- C:\WINDOWS\system32\ugldmuwx.dll
    2008-10-02 18:01:44 ----SHD---- C:\FOUND.009
    2008-10-02 06:16:07 ----A---- C:\WINDOWS\wininit.ini
    2008-09-30 19:39:56 ----SHD---- C:\FOUND.008
    2008-09-30 17:31:02 ----A---- C:\WINDOWS\system32\rowsokyw.dll
    2008-09-30 17:28:24 ----SH---- C:\WINDOWS\system32\xhdhdgfv.ini
    2008-09-28 20:21:07 ----SH---- C:\WINDOWS\system32\fowoaayr.ini
    2008-09-28 19:56:20 ----SHD---- C:\FOUND.007
    2008-09-28 18:12:51 ----SH---- C:\WINDOWS\system32\jmvpkshp.ini
    2008-09-28 17:37:33 ----SH---- C:\WINDOWS\system32\ogovpqli.ini
    2008-09-28 17:34:34 ----A---- C:\WINDOWS\system32\ykkqngeg.dll
    2008-09-28 15:11:25 ----SH---- C:\WINDOWS\system32\luqnhfki.ini
    2008-09-28 14:29:38 ----A---- C:\WINDOWS\system32\392edcdf-.txt
    2008-09-28 14:22:24 ----D---- C:\WINDOWS\system32\mC02
    2008-09-28 14:22:24 ----D---- C:\Temp
    2008-09-28 14:21:48 ----A---- C:\WINDOWS\system32\jkkHwxYO.dll
    2008-09-24 15:49:13 ----D---- C:\WINDOWS\UbiSoft
    2008-09-18 14:15:39 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-18 14:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-18 14:13:00 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-18 11:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-18 11:53:14 ----D---- C:\Program Files\NOS
    2008-09-12 19:28:39 ----D---- C:\Documents and Settings\DAD\Application Data\Big Fish Games
    2008-09-10 19:01:18 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 19:00:45 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-15 19:10:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 19:10:28 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 19:10:13 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 19:09:48 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 19:05:45 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 19:05:18 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 19:02:21 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-10 18:57:49 ----D---- C:\Program Files\U.B. Funkeys
    2008-07-16 22:13:54 ----D---- C:\Program Files\Sun
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-16 22:11:32 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-13 18:29:34 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2008-10-13 18:25:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-13 18:10:44 ----A---- C:\WINDOWS\LEXSTAT.INI
    2008-10-11 16:03:42 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-08 22:09:06 ----RASH---- C:\boot.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\win.ini
    2008-10-08 22:09:06 ----A---- C:\WINDOWS\system.ini
    2008-09-10 19:01:00 ----A---- C:\WINDOWS\imsins.BAK
    2008-08-27 08:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 23:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081012.001\NAVENG.Sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081012.001\NavEx15.Sys []
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-10-19 6144]
    R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081009.001\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-09-19 492592]
    S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-09-19 816704]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-09-19 113520]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0; C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-03-25 24144]
    S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-08-10 186592]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 191848]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 169320]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
    R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-23 46704]
    R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
    R2 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-11-03 1160848]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-04 520192]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
    S3 SAVScan;Symantec AVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-12-19 198416]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
     
    jamon08,
    #13
  15. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:44:56 p.m., on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9005 bytes
     
    jamon08,
    #14
  16. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Could not find

    Yeah way better
    Cheers j:)
     
    jamon08,
    #15
  17. 2008/10/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    It appears you didn't run HJT or the regfix?

    Let's start over.

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

    # Open Spybot Search & Destroy.
    # In the Mode menu click "Advanced mode" if not already selected.
    # Choose "Yes" at the Warning prompt.
    # Expand the "Tools" menu.
    # Click "Resident ".
    # Uncheck the "Resident "TeaTimer" (Protection of overall system settings)
    active." box.
    # In the File menu click "Exit" to exit Spybot Search & Destroy.

    * See this link for a tutorial http://russelltexas.com/malware/teatimer.htm




    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore "), please navigate to and delete the following files/folders in bold If found
    C:\WINDOWS\system32\ygmelsys.dll


    Next, launch Notepad, (Start > Run, type in: notepad) copy and paste next present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop. It should look like this: [​IMG]
    Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK ". You should receive a message that it was successful. You may delete the file afterwards


    Now please reboot your machine.



    Doesn't look like OTMoveIt worked, by chance did you accidentally copy the word quote?


    Let's run another tool please.

    Download Combofix from any of the links below, and save it to your
    desktop. For information regarding this download, please visit this webpage:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not
    interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • When finished,
      it will produce a report for you.
    • Please post the C:\ComboFix.txt
      along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
    Juliet,
    #16
  18. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:27 p.m., on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ygmelsys.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.kol.co.nz
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2
    O20 - Winlogon Notify: pmnmlljk - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8203 bytes
     
    jamon08,
    #17
  19. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    ComboFix 08-10-11.04 - DAD 2008-10-13 19:46:01.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.51 [GMT 13:00]
    Running from: C:\Documents and Settings\DAD\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\DAD\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\ainsaenn.ini
    C:\WINDOWS\system32\awwioihu.dll
    C:\WINDOWS\system32\fajldpyi.dll
    C:\WINDOWS\system32\fowoaayr.ini
    C:\WINDOWS\system32\ghexqe.dll
    C:\WINDOWS\system32\iiedhcyh.dll
    C:\WINDOWS\system32\jkkHwxYO.dll
    C:\WINDOWS\system32\jmvpkshp.ini
    C:\WINDOWS\system32\kkhkth.dll
    C:\WINDOWS\system32\luqnhfki.ini
    C:\WINDOWS\system32\lxyhmkpw.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\ogovpqli.ini
    C:\WINDOWS\system32\rewjclog.dll
    C:\WINDOWS\system32\rwgjzd.dll
    C:\WINDOWS\system32\sjrehsyq.dll
    C:\WINDOWS\system32\slkyzs.dll
    C:\WINDOWS\system32\syslemgy.ini
    C:\WINDOWS\system32\ugldmuwx.dll
    C:\WINDOWS\system32\vlpqoniq.dll
    C:\WINDOWS\system32\vuyees.dll
    C:\WINDOWS\system32\wdhhcoao.dll
    C:\WINDOWS\system32\xhdhdgfv.ini
    C:\WINDOWS\system32\yplgbvct.ini
    C:\WINDOWS\system32\yxdpgx.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
    .

    2008-10-13 18:34 . 2008-10-13 18:34 <DIR> d-------- C:\_OTMoveIt
    2008-10-13 03:10 . 2008-10-13 03:10 <DIR> d-------- C:\Program Files\Panda Security
    2008-10-13 03:10 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-10-13 02:48 . 2008-10-13 02:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-10-13 02:48 . 2008-10-13 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-12 14:23 . 2008-10-12 14:23 <DIR> d-------- C:\Documents and Settings\DAD\Application Data\Malwarebytes
    2008-10-12 14:22 . 2008-10-12 14:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 14:22 . 2008-10-12 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 14:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-12 14:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 17:14 . 2008-10-11 17:14 <DIR> d-------- C:\rsit
    2008-10-11 16:11 . 2008-10-11 16:11 49,356 --a------ C:\WINDOWS\system32\gmwehhah.dll
    2008-10-08 19:41 . 2008-10-13 19:25 2,128 --a------ C:\logfile
    2008-10-06 09:40 . 2008-10-06 09:41 49,356 --a------ C:\WINDOWS\system32\yyhvhiwe.dll
    2008-10-05 08:19 . 2008-10-05 08:19 49,356 --a------ C:\WINDOWS\system32\sdhcpytc.dll
    2008-10-02 18:01 . 2008-10-02 18:01 <DIR> d--hs---- C:\FOUND.009
    2008-10-02 06:16 . 2008-10-03 10:51 153 --a------ C:\WINDOWS\wininit.ini
    2008-09-30 19:39 . 2008-09-30 19:39 <DIR> d--hs---- C:\FOUND.008
    2008-09-30 17:31 . 2008-09-30 17:31 50,813 --a------ C:\WINDOWS\system32\rowsokyw.dll
    2008-09-28 19:56 . 2008-09-28 19:56 <DIR> d--hs---- C:\FOUND.007
    2008-09-28 17:34 . 2008-09-28 17:34 49,356 --a------ C:\WINDOWS\system32\ykkqngeg.dll
    2008-09-28 14:22 . 2008-09-28 14:22 <DIR> d-------- C:\WINDOWS\system32\mC02
    2008-09-28 14:22 . 2008-09-28 14:22 <DIR> d-------- C:\Temp\mtc2
    2008-09-28 14:22 . 2008-09-28 14:22 <DIR> d-------- C:\Temp
    2008-09-24 15:49 . 2008-09-24 15:49 <DIR> d-------- C:\WINDOWS\UbiSoft
    2008-09-18 14:15 . 2008-09-18 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-09-18 14:13 . 2008-09-18 14:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-09-18 11:53 . 2008-09-18 11:53 <DIR> d-------- C:\Program Files\NOS
    2008-09-18 11:53 . 2008-09-18 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 06:28 --------- d-----w C:\Documents and Settings\DAD\Application Data\Big Fish Games
    2008-07-18 09:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 09:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 09:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 09:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 09:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 09:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 09:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 09:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 09:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 09:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 09:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 09:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 09:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 09:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 09:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-12-26 06:40 4,862,248 ----a-w C:\Program Files\LimeWireWin.exe
    2007-04-08 01:38 5,640,784 ----a-w C:\Program Files\winamp52_full.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" [X]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 53096]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SiSPower "= "SiSPower.dll" [2005-07-13 C:\WINDOWS\system32\SiSPower.dll]
    "SoundMan "= "SOUNDMAN.EXE" [2005-12-14 C:\WINDOWS\soundman.exe]
    "SMSERIAL "= "sm56hlpr.exe" [2005-06-06 C:\WINDOWS\sm56hlpr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-02-15 262144]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP55 "= SP5X_32.DLL
    "VIDC.SP56 "= SP5X_32.DLL
    "VIDC.SP57 "= SP5X_32.DLL
    "VIDC.SP58 "= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\lexpps.exe "=
    "C:\\WINDOWS\\System32\\dpvsetup.exe "=
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4970:UDP "= 4970:UDP:Windows Media Format SDK (IEXPLORE.EXE)
    "4971:UDP "= 4971:UDP:Windows Media Format SDK (IEXPLORE.EXE)
    "4973:UDP "= 4973:UDP:Windows Media Format SDK (IEXPLORE.EXE)

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [ ]
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [ ]
    S3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-03-25 24144]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-03 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DAD.job
    - C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{2B20610F-D864-49E5-BE89-694B5379BE6B} - (no file)
    BHO-{ECAEDF43-3386-4496-84E1-E552CC48ECB8} - (no file)
    HKLM-Run-320d18a1 - C:\WINDOWS\system32\ygmelsys.dll
    ShellExecuteHooks-{1764AF3F-400C-415E-9A92-67A7D55C2C71} - (no file)
    Notify-pmnmlljk - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKCU-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O17 -: HKLM\CCS\Interface\{A4004673-4AD4-44AB-89BC-FCCC626FD816}: NameServer = 210.55.12.1 210.55.12.2

    O16 -: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://nztxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    C:\WINDOWS\Downloaded Program Files\POLiPayOnline.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 19:49:45
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-13 19:51:31
    ComboFix-quarantined-files.txt 2008-10-13 06:51:26

    Pre-Run: 28,639,166,464 bytes free
    Post-Run: 28,625,076,224 bytes free

    181 --- E O F --- 2008-09-10 07:03:48
     
    jamon08,
    #18
  20. 2008/10/13
    jamon08

    jamon08 Inactive Thread Starter

    Joined:
    2007/09/08
    Messages:
    85
    Likes Received:
    0
    This silly thing keeps unchecking itself so I went back every after each step to keep unchecking




    I see this poped up again after I closed windows and did fix


    Still could not find


    sweet


    Now please reboot your machine.



    pretty sure I didn't but I think that sill tea timer turned itself back on

    Cheers, j:)
     
    jamon08,
    #19
  21. 2008/10/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Let's get recovery console on the machine first.

    You DO NOT need to have the Windows CD to install Recovery Console!
    No Validation is required.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.



    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System

    [​IMG]

    Download the file & save it as it's originally named, next to ComboFix.exe.
    [​IMG]

    Now close all open windows and programs, including all anti virus and anti
    malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User
      License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'NO' to run the full ComboFix scan.



    NEXT**
    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.




    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt " including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    NEXT**
    Let's see if Panda online scanner can find any remnants.
    http://www.pandasecurity.com/homeusers/solutions/activescan/
    * Click on Scan Your PC Now
    * Select Full Scan, then Click on Scan Now
    * Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    * If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    * Please ignore the offer to buy the program.
    Click on Export To
    * Export the log and save it to your desktop.
    Please post this report in your next reply.

    * Turn off the real time scanner of any existing antivirus program while performing the online scan


    In your next reply post:
    ComboFix.txt
    Panda log
    new HJT log

    May need several replies to post all the logs

    How's the machine now?
     
    Juliet,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...