1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive [InActive] Virtumundo infection

Discussion in 'Malware and Virus Removal Archive' started by bkasai, 2008/12/08.

  1. 2008/12/08
    bkasai

    bkasai Inactive Thread Starter

    Joined:
    2007/09/01
    Messages:
    17
    Likes Received:
    0
    I definitely have a trojan/malware infection. SuperAntiSpyware continues to find it and attempt to remove DLL files in Windows/system32 with no luck.

    Please help. Logs are included below.

    Thanks,

    Bob

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by E108796 at 2008-12-07 23:48:12
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 4 GB (7%) free of 57 GB
    Total RAM: 3062 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:48:16 PM, on 12/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ccsrvc.exe
    C:\Program Files\Altiris\Carbon Copy\shellker.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    C:\PROGRA~1\Altiris\CARBON~1\client.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
    C:\Program Files\eFax Messenger 4.3\J2GTray.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\E108796\My Documents\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\E108796.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twcable.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.twcable.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twcable.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Time Warner Cable
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O1 - Hosts: 206.221.51.23 prs03
    O1 - Hosts: 135.190.227.193 attccd14.ncs.att.com
    O1 - Hosts: 135.190.227.197 attccd25.ncs.att.com
    O1 - Hosts: 147.191.71.52 olap110k.broadband.att.com
    O1 - Hosts: 147.191.71.52 tahari.cable.comcast.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: (no name) - {bed8d334-5638-4f7c-8d92-5d2b5e63e427} - C:\WINDOWS\system32\zajihezo.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe "
    O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe "
    O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [24100fc8] rundll32.exe "C:\WINDOWS\system32\segenogo.dll ",b
    O4 - HKLM\..\Run: [CPM27233c54] Rundll32.exe "c:\windows\system32\tovureko.dll ",a
    O4 - HKLM\..\Run: [vebohivuzu] Rundll32.exe "C:\WINDOWS\system32\vadivana.dll ",s
    O4 - HKLM\..\RunOnce: [PixelInstall] 
    O4 - HKLM\..\RunOnce: [Reboot] 
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [A00F4197CE2.exe] C:\DOCUME~1\E108796\LOCALS~1\Temp\_A00F4197CE2.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [vebohivuzu] Rundll32.exe "C:\WINDOWS\system32\vadivana.dll ",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [vebohivuzu] Rundll32.exe "C:\WINDOWS\system32\vadivana.dll ",s (User 'NETWORK SERVICE')
    O4 - Global Startup: bg.bat
    O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.twcable.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} (OBXViewer Control) - http://obtwc.twcable.com/Applets/OBXViewer.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ra.ricoh-usa.com/webmail/iNotes6W.cab
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ra.ricoh-usa.com/postauthI/epi.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1219438908288
    O16 - DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650} (OBXDocumentSelect Control) - http://obtwc.twcable.com/Applets/OBXSelect.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://closetabs.webex.com/client/T25L/webex/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://cdc-pb-iv-j-04.twcable.com/dana-cached/setup/JuniperSetupSP1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = los.twcable.com
    O17 - HKLM\Software\..\Telephony: DomainName = los.twcable.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = los.twcable.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cable.comcast.com,adelphia.com,twcable.com,corp.twcable.com,los.twcable.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = los.twcable.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cable.comcast.com,adelphia.com,twcable.com,corp.twcable.com,los.twcable.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cable.comcast.com,adelphia.com,twcable.com,corp.twcable.com,los.twcable.com
    O20 - AppInit_DLLs: AMINIT.dll c:\windows\system32\naruhogo.dll c:\windows\system32\gayujoje.dll c:\windows\system32\vizisida.dll c:\windows\system32\lonobori.dll c:\windows\system32\sopakowo.dll c:\windows\system32\tovureko.dll,C:\WINDOWS\system32\yolositi.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tovureko.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tovureko.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 18362 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-05-12 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9566395F-43D2-4c64-B525-B501FFA276E2}]
    File Print FedEx Kinko's - C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
    AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bed8d334-5638-4f7c-8d92-5d2b5e63e427}]
    C:\WINDOWS\system32\zajihezo.dll [2008-09-07 64747]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {9566395f-43d2-4c64-b525-b501ffa276e2} - File Print FedEx Kinko's - C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
    {61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent "=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]
    "IgfxTray "=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
    "HotKeysCmds "=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
    "Persistence "=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
    "IntelZeroConfig "=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
    "IntelWireless "=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 696320]
    "SigmatelSysTrayApp "=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
    "Apoint "=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
    "ShStatEXE "=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-05-12 111952]
    "Share-to-Web Namespace Daemon "=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "HP Software Update "=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
    "RoxWatchTray "=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]
    "Acrobat Assistant 8.0 "=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    "Adobe_ID0EYTHM "=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
    "McAfeeUpdaterUI "=C:\Program Files\McAfee\Common Framework\udaterui.exe [2008-03-14 136512]
    "eFax 4.3 "=C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]
    "IntelliPoint "=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "LifeCam "=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
    "mxomssmenu "=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
    "McAfee Host Intrusion Prevention Tray "=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-07-09 963904]
    "AeXAgentLogon "=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-11 143360]
    "KernelFaultCheck "=C:\WINDOWS\system32\dumprep 0 -k []
    "24100fc8 "=C:\WINDOWS\system32\segenogo.dll [2008-12-07 87831]
    "CPM27233c54 "=c:\windows\system32\tovureko.dll [2008-12-07 94408]
    "vebohivuzu "=C:\WINDOWS\system32\vadivana.dll [2008-09-07 64747]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "PixelInstall "=1 []
    "Reboot "=1 []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6 "= []
    "ISUSPM "=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "A00F4197CE2.exe "=C:\DOCUME~1\E108796\LOCALS~1\Temp\_A00F4197CE2.exe []
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24100fc8]
    C:\WINDOWS\system32\nepovefe.dll []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM27233c54]
    C:\WINDOWS\system32\lonobori.dll []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vebohivuzu]
    C:\WINDOWS\system32\fotolowu.dll []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    bg.bat
    eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "AMINIT.dll c:\windows\system32\naruhogo.dll c:\windows\system32\gayujoje.dll c:\windows\system32\vizisida.dll c:\windows\system32\lonobori.dll c:\windows\system32\sopakowo.dll c:\windows\system32\tovureko.dll,C:\WINDOWS\system32\yolositi.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
    C:\WINDOWS\system32\ckpNotify.dll [2006-04-09 24674]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tovureko.dll [2008-12-07 94408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tovureko.dll [2008-12-07 94408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8} "=C:\WINDOWS\system32\shdocvw.dll [2008-04-13 1499136]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=scecli
    C:\WINDOWS\system32\yolositi.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "DisallowRun "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe "= "C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\csg\acsr\xBOI.exe "= "C:\csg\acsr\xBOI.exe:*:Enabled:mfcmain - xboi.exe "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application "
    "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics "
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe "= "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe "= "C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe "
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe "= "C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe "
    "C:\Program Files\Microsoft Office Communicator\communicator.exe "= "C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 "
    "D:\setup\HPZNET01.EXE "= "D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe "
    "D:\setup\HPPAPD.EXE "= "D:\setup\HPPAPD.EXE:*:Enabled:hppapd.exe "
    "D:\setup\HPPNICIFS01.EXE "= "D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe "
    "D:\setup\HPNTWKEXE.EXE "= "D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe "
    "D:\setup\HPPSETBOD.EXE "= "D:\setup\HPPSETBOD.EXE:*:Enabled:hppsetbod.exe "
    "D:\setup\HPPNAC01.EXE "= "D:\setup\HPPNAC01.EXE:*:Enabled:hppnac01.exe "
    "C:\WINDOWS\explorer.exe "= "C:\WINDOWS\explorer.exe:*:Enabled:Explorer "
    "C:\WINDOWS\system32\winlogon.exe "= "C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon "
    "C:\WINDOWS\system32\rundll32.exe "= "C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32 "
    "C:\Program Files\Altiris\Carbon Copy\Client.exe "= "C:\Program Files\Altiris\Carbon Copy\Client.exe:*:Enabled:client "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application "
    "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent "
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe "= "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe "= "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server "
    "C:\Program Files\Kinko's\FPFK\FPKMain.exe "= "C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Enabled:File, Print FedEx Kinko's "
    "C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe "= "C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe:*:Enabled:File, Print FedEx Kinko's System Tray "
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe "= "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 "
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe "= "C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service "
    "C:\Program Files\Microsoft Office Communicator\communicator.exe "= "C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\WINDOWS\system32\winlogon.exe "= "C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon "
    "C:\WINDOWS\explorer.exe "= "C:\WINDOWS\explorer.exe:*:Enabled:Explorer "
    "C:\Program Files\McAfee\Common Framework\McScript_InUse.exe "= "C:\Program Files\McAfee\Common Framework\McScript_InUse.exe:*:Enabled:McScript_InUse "
    "C:\WINDOWS\system32\rundll32.exe "= "C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32 "
    "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe "= "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe:*:Enabled:AcroRd32Info "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c6f644-beee-11dc-b635-001a6b31cc69}]
    shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aaa1d90-1bbe-11dd-b677-001a6b31cc69}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd54ddb8-84dd-11dd-b6aa-001a6b31cc69}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe ", "%1 "

    ======List of files/folders created in the last 3 months======

    2008-12-07 23:48:12 ----D---- C:\rsit
    2008-12-07 23:33:58 ----D---- C:\Program Files\Trend Micro
    2008-12-07 22:28:51 ----SH---- C:\WINDOWS\system32\ogoneges.ini
    2008-12-05 08:40:44 ----D---- C:\VundoFix Backups
    2008-12-05 08:40:44 ----A---- C:\VundoFix.txt
    2008-12-05 07:35:37 ----A---- C:\WINDOWS\system32\HIPIS0e0015b.dll
    2008-12-05 07:14:33 ----SH---- C:\WINDOWS\system32\ofegenif.ini
    2008-12-04 10:41:47 ----SH---- C:\WINDOWS\system32\efevopen.ini
    2008-12-04 09:43:40 ----SH---- C:\WINDOWS\system32\ibedisuz.ini
    2008-12-03 09:46:29 ----SH---- C:\WINDOWS\system32\ulanabaz.ini
    2008-12-02 10:38:01 ----SH---- C:\WINDOWS\system32\ekabohel.ini
    2008-12-02 07:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-02 07:54:46 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-12-02 07:54:46 ----D---- C:\Documents and Settings\E108796\Application Data\SUPERAntiSpyware.com
    2008-12-01 22:35:25 ----SH---- C:\WINDOWS\system32\agehefuh.ini
    2008-11-21 14:33:20 ----D---- C:\Program Files\Common Files\Software Update Utility
    2008-11-21 14:33:09 ----D---- C:\Program Files\AIM Toolbar
    2008-11-21 14:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    2008-11-21 14:33:01 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-11-10 15:07:04 ----A---- C:\WINDOWS\client.INI
    2008-11-05 09:38:00 ----D---- C:\Program Files\Common Files\Altiris
    2008-11-04 12:26:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-04 11:56:37 ----D---- C:\Program Files\PixRecovery
    2008-10-25 17:15:46 ----D---- C:\ACCESS
    2008-10-24 09:34:00 ----D---- C:\Program Files\Microsoft Works
    2008-10-15 13:33:47 ----D---- C:\Documents and Settings\E108796\Application Data\Google
    2008-10-15 13:32:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-15 13:32:21 ----D---- C:\Program Files\Google
    2008-10-09 07:49:48 ----D---- C:\Documents and Settings\E108796\Application Data\Juniper Networks
    2008-09-20 06:09:57 ----A---- C:\WINDOWS\USb Missile Launcher Uninstall Log.txt
    2008-09-16 11:38:55 ----D---- C:\Documents and Settings\E108796\Application Data\Downloaded Installations

    ======List of files/folders modified in the last 3 months======

    2008-12-07 23:47:57 ----D---- C:\WINDOWS\Prefetch
    2008-12-07 23:45:55 ----D---- C:\WINDOWS\Temp
    2008-12-07 23:39:00 ----D---- C:\Quarantine
    2008-12-07 23:33:58 ----RD---- C:\Program Files
    2008-12-07 23:03:31 ----A---- C:\WINDOWS\hpbafd.ini
    2008-12-07 23:02:19 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-07 22:56:52 ----D---- C:\WINDOWS\system32
    2008-12-07 22:56:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-07 22:40:16 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-07 22:28:41 ----ASH---- C:\WINDOWS\system32\fuyuvugo.dll
    2008-12-07 22:28:40 ----ASH---- C:\WINDOWS\system32\segenogo.dll
    2008-12-07 22:28:38 ----N---- C:\WINDOWS\system32\tovureko.dll
    2008-12-05 08:50:14 ----SHD---- C:\WINDOWS\CSC
    2008-12-05 08:41:52 ----D---- C:\WINDOWS\security
    2008-12-05 08:38:18 ----A---- C:\WINDOWS\system32\Fxxplfnt.tmp
    2008-12-05 07:36:04 ----RASH---- C:\boot.ini
    2008-12-05 07:36:03 ----N---- C:\WINDOWS\win.ini
    2008-12-05 07:36:03 ----N---- C:\WINDOWS\system.ini
    2008-12-05 07:14:30 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-03 17:38:08 ----D---- C:\Documents and Settings\E108796\Application Data\Adobe
    2008-12-03 07:57:43 ----D---- C:\WINDOWS\Minidump
    2008-12-03 07:57:43 ----D---- C:\WINDOWS
    2008-12-02 09:17:17 ----A---- C:\WINDOWS\setscan.ini
    2008-12-02 09:05:11 ----D---- C:\WINDOWS\twain_32
    2008-12-02 07:54:54 ----SHD---- C:\WINDOWS\Installer
    2008-12-02 07:54:54 ----SHD---- C:\Config.Msi
    2008-12-02 07:54:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-30 07:44:30 ----A---- C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link #2.txt
    2008-11-22 18:36:00 ----HD---- C:\WINDOWS\inf
    2008-11-21 14:40:17 ----D---- C:\Program Files\AIM6
    2008-11-21 14:33:20 ----D---- C:\Program Files\Common Files
    2008-11-21 14:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-11-10 14:06:42 ----D---- C:\WINDOWS\system32\drivers
    2008-11-10 14:06:41 ----D---- C:\Program Files\Altiris
    2008-11-07 08:55:12 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2008-10-26 19:50:54 ----A---- C:\WINDOWS\system32\KevlarSigs.dll
    2008-10-22 18:46:14 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-09 07:49:48 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-16 11:37:48 ----A---- C:\WINDOWS\FPKPMSV.INI
    2008-09-08 20:15:00 ----D---- C:\WINDOWS\system32\wbem
    2008-09-08 20:13:20 ----A---- C:\WINDOWS\ODBC.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-06-14 82380]
    R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2007-02-06 16512]
    R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2007-05-29 9216]
    R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\WINDOWS\system32\Drivers\FireTDI.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-04-28 55112]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-03-22 21425]
    R2 CP_OMDRV;Check Point Office Mode Module; C:\WINDOWS\System32\drivers\omdrv.sys [2006-04-09 36400]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
    R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2006-04-09 671472]
    R3 Aldebaran;Aldebaran - SCSI Command Filters; C:\WINDOWS\System32\Drivers\Aldebaran.sys [2004-02-11 21808]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
    R3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
    R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 FirehkMP;FirehkMP; C:\WINDOWS\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    R3 firelm01;firelm01; \??\C:\WINDOWS\system32\drivers\firelm01.sys []
    R3 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 2234320]
    R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2006-11-21 61312]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HIPK;McAfee Inc. HIPK; C:\WINDOWS\system32\drivers\HIPK.sys [2008-04-28 100104]
    R3 HIPPSK;McAfee Inc. HIPPSK; C:\WINDOWS\system32\drivers\HIPPSK.sys [2008-04-28 30856]
    R3 HIPQK;McAfee Inc. HIPQK; C:\WINDOWS\system32\drivers\HIPQK.sys [2008-04-28 27976]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
    R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-05-12 64232]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-05-12 72936]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-05-12 33960]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-04-28 205608]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
    R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273024]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 Firehk;McAfee NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
    S3 GT72NDISIPXP;GT 72 IP NDIS; C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-08-23 95744]
    S3 GT72UBUS;GT 72 U BUS; C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-08-23 51968]
    S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-08-23 8064]
    S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys [2007-04-12 34136]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
    S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
    S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
    S3 ser2plms;Microsoft USB GPS driver; C:\WINDOWS\system32\DRIVERS\ser2plms.sys [2006-03-28 42240]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2007-09-04 25736]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-11 1523712]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2007-05-29 49152]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-07-09 1455424]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 434176]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-05-12 144704]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-05-12 54608]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2004-12-20 724992]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
    R2 SR_Service;Check Point VPN-1 Securemote service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2006-04-09 110691]
    R2 SR_Watchdog;Check Point VPN-1 Securemote watchdog; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe [2006-04-09 36964]
    R2 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
    R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-10-18 290816]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-20 654848]
    R3 hips;McAfee HIPSCore Service; C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2008-04-28 46400]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-03-25 359160]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-03-26 310008]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-26 166648]
    S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-03-25 88824]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 1010424]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
     
    bkasai,
    #1
  2. 2008/12/08
    bkasai

    bkasai Inactive Thread Starter

    Joined:
    2007/09/01
    Messages:
    17
    Likes Received:
    0
    Here's the info.txt file also.

    info.txt logfile of random's system information tool 1.04 2008-12-07 23:48:21

    ======Uninstall list======

    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
    -->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
    -->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
    -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    -->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
    -->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    -->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB529C7-855D-11D7-8444-0050BA1D384D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D07881-18E2-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
    Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AIM Toolbar--> "C:\Program Files\AIM Toolbar\uninstall.exe "
    ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    Altiris Application Metering Agent-->MsiExec.exe /I{4A702DA1-9E48-4346-8030-26B399CCFA8C}
    Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{332454D8-73B0-4b4a-954C-D96089CD898A}
    Altiris Carbon Copy Solution Agent 6.2-->MsiExec.exe /x {332454D8-73B0-4b4a-954C-D96089CD898A} /qf
    BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
    BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
    Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
    Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA1-->MsiExec.exe /X{afa566e6-9642-438c-aca7-866e4bf0f887}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
    Digital Foundry TWC AdminFramework Setup 2.0-->MsiExec.exe /I{9107EECE-3114-488D-8883-D0A5C77DAE78}
    DirectVobSub (remove only)--> "C:\Program Files\DirectVobSub\uninstall.exe "
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    Driver Installer-->MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
    EDraw Max 3--> "C:\Program Files\EDraw Max\unins000.exe "
    eFax Messenger 4.3-->C:\Program Files\eFax Messenger 4.3\Uninstall.exe
    eRoom 7-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\eRoom 7\Uninst.isu" -c "C:\Program Files\eRoom 7\eRClientUninstall.dll "
    eWallet 4.1 for Windows PCs--> "C:\Program Files\Ilium Software\eWallet\unins000.exe "
    File, Print FedEx Kinko's-->MsiExec.exe /X{EBA09A1B-8D0A-4D65-BF5F-96186DAA6628}
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Updater--> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for MSXML 2 (KB887606)--> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe "
    Hotfix for Windows Media Format SDK (KB902344)--> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe "
    HP Color LaserJet 2605 Series 1.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{4E59AA98-3EF3-47A3-9DEA-6B37F00C901F}\setup\hpzscr01.exe -datfile hppscr03.dat -forcereboot
    HP Commercial Scanjet 5590 TWAIN Driver-->C:\WINDOWS\IsUninst.exe -f "C:\WINDOWS\PIXTRAN\HP Commercial Scanjet 5590 TWAIN Driver.isu" -c "C:\WINDOWS\PIXTRAN\sdkunin.dll "
    HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    HP Photo and Imaging 2.5 - Scanjet 5590 Series-->MsiExec.exe /I{CC12B3AC-0A75-4F85-8BC9-89D440BE3846}
    HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
    HPScanjet5590Corporate11-->MsiExec.exe /I{8EAC1D0C-80BA-4077-932A-7E9E2F680845}
    Information Service--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Maxtor Manager--> "C:\Program Files\InstallShield Installation Information\{4D36E953-4456-4F8F-BC44-90BC4AA59889}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Maxtor Manager-->MsiExec.exe /I{4D36E953-4456-4F8F-BC44-90BC4AA59889}
    McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960}
    McAfee AntiSpyware Enterprise Module--> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
    McAfee Host Intrusion Prevention-->MsiExec.exe /X{B332732A-4958-41DD-B439-DDA2D32753C5}
    McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
    mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft .NET Framework 1.1 Hotfix (KB886903)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp "
    Microsoft .NET Framework 1.1 Hotfix (KB925168)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M925168\M925168Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package--> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe "
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
    Microsoft MapPoint North America 2006-->MsiExec.exe /I{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}
    Microsoft Office Communicator 2007-->MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
    Microsoft Office Live Meeting 2007-->MsiExec.exe /I{63BEF36D-1782-4506-ABA6-6672B54641E0}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Motorola Driver Installation-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
    Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
    OZ776 SCR CardBus V1.1.3.6-->C:\Program Files\InstallShield Installation Information\{0A649E72-DB35-4C54-968E-CECAECA7E293}\setup.exe -runfromtemp -l0x0409
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    Presto! PageManager 7.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC5FDFC6-D617-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
    QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Real Alternative 1.8.0--> "C:\Program Files\Real Alternative\unins000.exe "
    RealLegal E-Transcript Viewer-->MsiExec.exe /X{2D0F506B-05E1-4492-8E65-FA13A4E77A21}
    Remote Administrator v2.2-->C:\Program Files\Radmin\uninstal.exe
    Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
    Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic CinePlayer DVD Pack-->MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
    StuffIt 12-->MsiExec.exe /X{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    TWAIN Driver Ver.4 for IS760-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF568FFC-A00A-49C1-B935-3CBB529E2871}\setup.exe" -l0x9 DRIVER_UNINSTALL
    URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Visionary Viewer-->MsiExec.exe /I{D514BD88-33CF-451E-81D6-A528E3BA817A}
    VNC 4.0--> "C:\Program Files\RealVNC\VNC4\unins000.exe "
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Format SDK Hotfix - KB891122--> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Hosts File======

    10.164.232.250 infocenter.twi.com
    206.221.51.23 prs03
    135.190.227.193 attccd14.ncs.att.com
    135.190.227.197 attccd25.ncs.att.com
    147.191.71.52 olap110k.broadband.att.com
    147.191.71.52 tahari.cable.comcast.com

    ======Security center information======

    AV: VirusScan Enterprise + AntiSpyware Enterprise
    FW: McAfee Host Intrusion Prevention Firewall

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION "=0f02
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "VSEDEFLOGDIR "=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "DEFLOGDIR "=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "CLASSPATH "=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    "RoxioCentral "=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

    -----------------EOF-----------------
     
    bkasai,
    #2


  3. to hide this advert.

  4. 2008/12/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi bkasai :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
    noahdfear,
    #3
  5. 2008/12/09
    bkasai

    bkasai Inactive Thread Starter

    Joined:
    2007/09/01
    Messages:
    17
    Likes Received:
    0
    Thanks for the ComboFix info. Ran it and the log is included below.

    Bob

    ComboFix 08-12-07.04 - E108796 2008-12-09 13:13:38.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2436 [GMT -8:00]
    Running from: c:\documents and settings\E108796\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\404Fix.exe
    c:\windows\system32\agehefuh.ini
    c:\windows\system32\bepesata.dll
    c:\windows\system32\budidepu.dll
    c:\windows\system32\difasadi.dll
    c:\windows\system32\dumphive.exe
    c:\windows\system32\eferohol.ini
    c:\windows\system32\efevopen.ini
    c:\windows\system32\ekabohel.ini
    c:\windows\system32\fuyuvugo.dll
    c:\windows\system32\ibedisuz.ini
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\itafigur.ini
    c:\windows\system32\manojemi.dll
    c:\windows\system32\ofegenif.ini
    c:\windows\system32\ogoneges.ini
    c:\windows\system32\Process.exe
    c:\windows\system32\resemuzu.dll
    c:\windows\system32\rugifati.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\susesari.dll
    c:\windows\system32\tmp.reg
    c:\windows\system32\ulanabaz.ini
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\system32\zahuzihi.dll
    C:\xcrashdump.dat
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_R_SERVER
    -------\Service_r_server


    ((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
    .

    2008-12-09 13:25 . 2008-04-28 15:19 75,072 --a------ c:\windows\system32\HIPIS0e0015b.dll
    2008-12-09 13:25 . 2008-12-09 13:25 113 --a------ c:\windows\system32\api_hook_list.dat
    2008-12-09 13:02 . 2008-12-09 13:03 <DIR> d-------- C:\32788R22FWJFW
    2008-12-09 11:48 . 2008-12-09 11:48 <DIR> d-------- c:\documents and settings\E108796\Application Data\Roxio
    2008-12-07 23:48 . 2008-12-07 23:48 <DIR> d-------- C:\rsit
    2008-12-07 23:33 . 2008-12-07 23:33 <DIR> d-------- c:\program files\Trend Micro
    2008-12-02 07:55 . 2008-12-02 07:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-02 07:54 . 2008-12-02 07:54 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-12-02 07:54 . 2008-12-02 07:54 <DIR> d-------- c:\documents and settings\E108796\Application Data\SUPERAntiSpyware.com
    2008-11-21 14:33 . 2008-11-21 14:33 <DIR> d-------- c:\program files\Common Files\Software Update Utility
    2008-11-21 14:33 . 2008-11-21 14:33 <DIR> d-------- c:\program files\AIM Toolbar
    2008-11-21 14:33 . 2008-11-21 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
    2008-11-21 14:33 . 2008-11-21 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
    2008-11-10 15:07 . 2008-11-10 15:07 0 --a------ c:\windows\client.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-08 05:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-02 15:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-21 22:40 --------- d-----w c:\program files\AIM6
    2008-11-21 22:31 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-16 20:55 --------- d-----w c:\program files\PixRecovery
    2008-11-10 22:06 --------- d-----w c:\program files\Altiris
    2008-11-05 17:38 --------- d-----w c:\program files\Common Files\Altiris
    2008-11-04 20:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-04 20:22 --------- d-----w c:\program files\Microsoft Works
    2008-10-23 02:46 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-15 21:33 --------- d-----w c:\program files\Google
    2008-10-09 15:50 --------- d-----w c:\documents and settings\e108796\Application Data\Juniper Networks
    2008-01-22 22:01 56,912 ----a-w c:\documents and settings\E108796\g2mdlhlpx.exe
    2007-08-10 23:49 256 ----a-w c:\documents and settings\e108796.old\pool.bin
    2007-07-25 19:05 56,912 ----a-w c:\documents and settings\e108796.old\g2mdlhlpx.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{03402f96-3dc7-4285-bc50-9e81fefafe43} "= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

    [HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
    [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
    [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
    2008-10-07 11:09 1275176 --a------ c:\program files\AIM Toolbar\aimtb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{61539ecd-cc67-4437-a03c-9aaccbd14326} "= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{61539ECD-CC67-4437-A03C-9AACCBD14326} "= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

    [HKEY_CLASSES_ROOT\clsid\{61539ecd-cc67-4437-a03c-9aaccbd14326}]
    [HKEY_CLASSES_ROOT\AIMTb.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
    [HKEY_CLASSES_ROOT\AIMTb.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-12 111952]
    "Share-to-Web Namespace Daemon "= "c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "HP Software Update "= "c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "Adobe_ID0EYTHM "= "c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "eFax 4.3 "= "c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "mxomssmenu "= "c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "McAfee Host Intrusion Prevention Tray "= "c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-07-09 963904]
    "AeXAgentLogon "= "c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-05-11 143360]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PixelInstall "= "1 (0x1)" [X]
    "Reboot "= "1 (0x1)" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    bg.bat [2006-05-01 39]
    eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-12-11 629248]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1 "= IE7*.exe
    "2 "= IE7*.msi
    "3 "= IE7-WindowsXP-x86-enu.exe

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2006-04-09 20:24 24674 c:\windows\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.voxacm150 "= vct32150.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1606980848-1682526488-725345543-248682\Scripts\Logon\0\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1606980848-1682526488-725345543-347639\Scripts\Logon\0\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1606980848-1682526488-725345543-347639\Scripts\Logon\1\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1606980848-1682526488-725345543-347639\Scripts\Logon\2\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1606980848-1682526488-725345543-408525\Scripts\Logon\0\0]
    "Script "=hostnew.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "= "0x00000000 "
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
    "c:\\csg\\acsr\\xBOI.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe "=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe "=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe "=
    "c:\\Program Files\\Altiris\\Carbon Copy\\Client.exe "=

    R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2007-06-14 16855]
    R1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2007-05-29 9216]
    R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
    R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2006-04-09 36400]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service; "c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe" [2008-07-09 1455424]
    R2 Maxtor Sync Service;Maxtor Service; "c:\program files\Maxtor\Sync\SyncServices.exe" [2008-07-21 193888]
    R2 Stuffit Archive Name Service;Stuffit Archive Name Service; "c:\program files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 157016]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-02-21 24652]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2006-04-09 671472]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2007-06-14 21808]
    R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2006-04-09 2234320]
    R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2008-09-02 100104]
    R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2008-09-02 30856]
    R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2008-09-02 27976]
    R3 hips;McAfee HIPSCore Service; "c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe" [2008-09-02 46400]
    R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
    S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-06-26 95744]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-06-26 51968]
    S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2008-06-26 8064]
    S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 34136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c6f644-beee-11dc-b635-001a6b31cc69}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aaa1d90-1bbe-11dd-b677-001a6b31cc69}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd54ddb8-84dd-11dd-b6aa-001a6b31cc69}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{bed8d334-5638-4f7c-8d92-5d2b5e63e427} - c:\windows\system32\budidepu.dll
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-CPM27233c54 - c:\windows\system32\dazimowe.dll
    MSConfigStartUp-24100fc8 - c:\windows\system32\nepovefe.dll
    MSConfigStartUp-CPM27233c54 - c:\windows\system32\lonobori.dll
    MSConfigStartUp-vebohivuzu - c:\windows\system32\fotolowu.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.twcable.com
    uInternet Connection Wizard,ShellNext = hxxp://www.twcable.com/
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\AIM Toolbar\aimtb.dll

    c:\windows\system32\dmlocale.dll - c:\windows\system32\dmmailsvc.dll
    c:\windows\system32\dmtrace.dll
    c:\windows\system32\dmimage.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\OBXKeywordPanel.ocx
    c:\windows\system32\OBXViewer.ocx
    O16 -: {238EC5B8-0BF5-11D5-826E-00010239321B}
    hxxp://obtwc.twcable.com/Applets/OBXViewer.cab
    c:\windows\Downloaded Program Files\OBXViewer.inf

    c:\windows\Downloaded Program Files\uninstall_ep.exe - c:\windows\Downloaded Program Files\epi.dll
    O16 -: {5EDB10D9-7E95-4833-A218-62F375DAFCF1}
    hxxps://ra.ricoh-usa.com/postauthI/epi.cab
    c:\windows\Downloaded Program Files\epi.inf

    c:\windows\system32\dmlocale.dll - c:\windows\system32\dmmailsvc.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\OBXDocumentSelect.ocx
    O16 -: {8285080A-3FAF-41B1-B7BD-933EE724B650}
    hxxp://obtwc.twcable.com/Applets/OBXSelect.cab
    c:\windows\Downloaded Program Files\OBXSelect.inf
    FireFox -: Profile - c:\documents and settings\E108796\Application Data\Mozilla\Firefox\Profiles\zanoqno2.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 13:30:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1260)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CCSRVC.exe
    c:\program files\Altiris\Carbon Copy\ShellKer.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\RealVNC\VNC4\winvnc4.exe
    c:\progra~1\Altiris\CARBON~1\Client.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\program files\Apoint\hidfind.exe
    c:\program files\Apoint\ApntEx.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\McAfee\Common Framework\Mctray.exe
    c:\program files\Altiris\Altiris Agent\AeXAgentUIHost.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\McAfee\Common Framework\McScript_InUse.exe
    c:\program files\Java\jre1.5.0_11\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-09 13:37:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-09 21:37:32

    Pre-Run: 4,255,285,248 bytes free
    Post-Run: 4,735,655,936 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    321 --- E O F --- 2008-01-30 21:04:12
     
    bkasai,
    #4
  6. 2008/12/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks real good, but a couple of things I want to have a better look at. Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Suspect::[22]
c:\windows\system32\HIPIS0e0015b.dll
c:\windows\system32\api_hook_list.dat
FileLook::
c:\documents and settings\E108796\g2mdlhlpx.exe
c:\documents and settings\e108796.old\pool.bin
c:\documents and settings\e108796.old\g2mdlhlpx.exe
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and a log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.
    Thanks!
     
    noahdfear,
    #5

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...