Results 1 to 3 of 3

Thread: Virtumonde Help II

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    5

    Default Virtumonde Help II

    Here is the second Log: Logfile of random's system information tool 1.06 (written by random/random)
    Run by Dad at 2009-11-08 23:56:14
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 30 GB (40%) free of 76 GB
    Total RAM: 495 MB (16% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:48 PM, on 11/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Dad\Desktop\RSIT.exe
    C:\Program Files\trend micro\Dad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {01CAA672-6BB5-4B73-8DB9-75C017B84B98} - C:\WINDOWS\System32\dsprop32.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [A00F253A65.exe] C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F253A65.exe
    O4 - HKUS\S-1-5-21-1123561945-1417001333-725345543-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jess')
    O4 - HKUS\S-1-5-21-1123561945-1417001333-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jess')
    O4 - HKUS\S-1-5-21-1123561945-1417001333-725345543-1005\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart (User 'Jess')
    O4 - HKUS\S-1-5-21-1123561945-1417001333-725345543-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Baby Boy')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dmserver32.dll
    O20 - Winlogon Notify: 201d0af4697 - C:\WINDOWS\System32\dmserver32.dll
    O20 - Winlogon Notify: __c0097D5D - C:\WINDOWS\system32\__c0097D5D.dat
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.spinner.com/images/icon_example.gif

    --
    End of file - 11916 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job
    C:\WINDOWS\tasks\OGALogon.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{43F71E27-EFEC-4960-A57C-43EDDC5A881C}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01CAA672-6BB5-4B73-8DB9-75C017B84B98}]
    C:\WINDOWS\System32\dsprop32.dll [2009-11-08 206848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2009-03-31 357744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-12 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-23 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-27 762864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-23 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31 357744]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-23 259696]
    {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
    "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2005-06-07 1339392]
    "A00F253A65.exe"=C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F253A65.exe [2009-11-08 37888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F104DD4.exe]
    C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F104DD4.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F1D053DB.exe]
    C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F1D053DB.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F7134E94.exe]
    C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F7134E94.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F85E9DC.exe]
    C:\DOCUME~1\Dad\LOCALS~1\Temp\_A00F85E9DC.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
    C:\Program Files\HP Wireless Keyboard\KMaestro.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]
    NULL []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
    C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\NI5ZQ2RA\setup213[1].exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
    C:\Program Files\AT&T\Internet Security Wizard\ISW.exe [2007-05-03 2061816]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Microsoft Works\WkDetect.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    C:\Program Files\Real\RealOne Player\realplay.exe [2006-06-05 1003520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Vanisher]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-23 39408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    C:\Program Files\AWS\WeatherBug\Weather.exe [2005-06-07 1339392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-07-17 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-06-04 126976]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
    C:\PROGRA~1\INTERV~1\WINDVD~1\WINSCH~1.EXE [2002-11-26 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    C:\PROGRA~1\KODAK\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    C:\PROGRA~1\LimeWire\LimeWire.exe [2009-06-22 139776]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\dmserver32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\201d0af4697]
    C:\WINDOWS\System32\dmserver32.dll [2009-11-05 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0097D5D]
    C:\WINDOWS\system32\__c0097D5D.dat [2009-11-08 25600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update"
    "C:\Program Files\Intel\Intel(R) Active Monitor\iActvMon.exe"="C:\Program Files\Intel\Intel(R) Active Monitor\iActvMon.exe:*:Enabled:Intel Active Monitor"
    "C:\Program Files\iPod\iPod Updater 2005-02-07\iPod Updater 2005-02-07.exe"="C:\Program Files\iPod\iPod Updater 2005-02-07\iPod Updater 2005-02-07.exe:*:Enabled:iPod Updater 2005-02-07"
    "C:\Program Files\Symantec\LiveUpdate\LUALL.EXE"="C:\Program Files\Symantec\LiveUpdate\LUALL.EXE:*:Enabled:LiveUpdate"
    "C:\Program Files\AWS\WeatherBug\Weather.exe"="C:\Program Files\AWS\WeatherBug\Weather.exe:*:Enabled:WeatherBug"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "E:\setup\HPZnui01.exe"="E:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
    "E:\setup\HPZnui01.exe"="E:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd343d91-2727-11dd-a7ac-00045a78e1c3}]
    shell\AutoRun\command - E:\LaunchU3.exe -a


    ======File associations======

    .js - open - C:\Corel\Suite8\Programs\CCWin\Cscape.exe

    ======List of files/folders created in the last 1 months======

    2009-11-08 23:56:14 ----D---- C:\rsit
    2009-11-08 22:45:25 ----A---- C:\WINDOWS\system32\dsprop32.dll
    2009-11-08 20:43:18 ----A---- C:\WINDOWS\system32\dpmodemx32.dll
    2009-11-08 06:09:58 ----A---- C:\WINDOWS\system32\dsauth32.dll
    2009-11-08 05:33:16 ----ASH---- C:\WINDOWS\system32\CE.tmp
    2009-11-07 05:38:53 ----A---- C:\WINDOWS\system32\GWFSPidGen32.dll
    2009-11-06 23:22:54 ----D---- C:\Program Files\trend micro
    2009-11-06 05:21:06 ----A---- C:\WINDOWS\system32\confmsp32.dll
    2009-11-05 22:23:45 ----A---- C:\WINDOWS\system32\dskquoui32.dll
    2009-11-05 22:21:56 ----A---- C:\WINDOWS\system32\encdec32.dll
    2009-11-05 22:21:39 ----A---- C:\WINDOWS\system32\dplayx32.dll
    2009-11-05 22:21:02 ----A---- C:\WINDOWS\system32\COMCTL9532.dll
    2009-11-05 22:19:15 ----A---- C:\WINDOWS\system32\d3d8thk32.dll
    2009-11-05 22:17:49 ----SHD---- C:\WINDOWS\system32\LocalService
    2009-11-05 22:17:44 ----ASH---- C:\WINDOWS\system32\1BC.tmp
    2009-11-05 22:17:38 ----A---- C:\WINDOWS\system32\dnsrslvr32.dll
    2009-11-05 22:17:36 ----A---- C:\WINDOWS\system32\dmserver32.dll
    2009-10-23 16:55:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-10-23 16:55:29 ----D---- C:\Documents and Settings\Dad\Application Data\Office Genuine Advantage
    2009-10-14 02:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
    2009-10-14 02:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
    2009-10-14 02:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
    2009-10-14 02:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
    2009-10-14 02:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
    2009-10-14 02:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
    2009-10-14 02:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
    2009-10-14 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
    2009-10-14 02:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

    ======List of files/folders modified in the last 1 months======

    2009-11-08 23:22:13 ----D---- C:\WINDOWS\Temp
    2009-11-08 22:49:25 ----D---- C:\Documents and Settings\Dad\Application Data\HPAppData
    2009-11-08 22:47:47 ----D---- C:\WINDOWS\system32
    2009-11-08 22:44:35 ----D---- C:\WINDOWS\Prefetch
    2009-11-08 22:22:17 ----AD---- C:\WINDOWS
    2009-11-08 22:08:22 ----RASH---- C:\boot.ini
    2009-11-08 22:08:22 ----A---- C:\WINDOWS\win.ini
    2009-11-08 22:08:22 ----A---- C:\WINDOWS\system.ini
    2009-11-08 22:08:14 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-11-08 22:07:56 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-11-08 22:06:19 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-11-08 21:17:15 ----D---- C:\WINDOWS\system32\Restore
    2009-11-08 06:29:16 ----D---- C:\Documents and Settings\Dad\Application Data\WeatherBug
    2009-11-06 23:22:54 ----AD---- C:\Program Files
    2009-11-06 23:14:43 ----D---- C:\WINDOWS\network diagnostic
    2009-11-05 23:51:09 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe
    2009-11-05 23:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-11-05 23:47:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-11-05 23:47:58 ----D---- C:\Program Files\NewTech Infosystems
    2009-11-05 23:47:56 ----SHD---- C:\WINDOWS\Installer
    2009-11-05 23:47:55 ----HD---- C:\Config.Msi
    2009-11-03 20:41:38 ----HD---- C:\WINDOWS\inf
    2009-11-03 20:41:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-11-03 20:39:48 ----HD---- C:\WINDOWS\$hf_mig$
    2009-11-03 04:35:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-10-29 20:47:20 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2009-10-26 17:53:44 ----D---- C:\MyFiles
    2009-10-24 18:42:35 ----AC---- C:\WINDOWS\WinInit.Ini
    2009-10-24 18:02:43 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-10-22 03:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-10-20 20:16:06 ----D---- C:\Program Files\Common Files\Adobe
    2009-10-20 20:15:41 ----D---- C:\Program Files\Adobe
    2009-10-14 04:05:56 ----D---- C:\Program Files\Internet Explorer
    2009-10-14 02:37:04 ----RSD---- C:\WINDOWS\assembly
    2009-10-14 02:31:59 ----D---- C:\WINDOWS\Microsoft.NET
    2009-10-14 02:18:52 ----D---- C:\WINDOWS\WinSxS
    2009-10-14 02:15:19 ----A---- C:\WINDOWS\imsins.BAK
    2009-10-14 02:14:45 ----D---- C:\WINDOWS\ie8updates
    2009-10-09 17:22:41 ----D---- C:\Documents and Settings\Dad\Application Data\Move Networks

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-08-09 43672]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
    R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
    R2 iSMBIOS;iSMBIOS; \??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS []
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
    R2 SIODRV;SIODRV; \??\C:\WINDOWS\System32\drivers\SIODRV.SYS []
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 36224]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2008-04-15 49920]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2008-04-15 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2008-04-15 21568]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091108.020\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091108.020\NAVEX15.SYS []
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-08-15 6016]
    R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-04 15920]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-02-24 14604]
    R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS\System32\DRIVERS\SMBios.sys [2003-06-17 35012]
    R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\System32\DRIVERS\smb.sys [2002-10-23 21963]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
    R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20091105.001\SymIDSCo.sys []
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
    S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
    S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
    S3 Navacg;Navacg; C:\WINDOWS\system32\drivers\Navacg.sys []
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-03 11776]
    S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-10-03 16128]
    S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
    S3 w600bus;Sony Ericsson W600 driver (WDM); C:\WINDOWS\system32\DRIVERS\w600bus.sys []
    S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w600mdfl.sys []
    S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w600mdm.sys []
    S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w600mgmt.sys []
    S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w600obex.sys []
    S3 Winachcf;Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [2002-10-18 842128]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe [2006-11-03 69632]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-19 303104]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 imonNT;Intel(R) Active Monitor; C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe [2003-01-10 102400]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-07 68096]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 182768]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
    S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-12 1245064]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
    Any help would be great thanks dueyp

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello dueyp,

    You already have an open topic: http://forums.spybot.info/showthread.php?t=53245

    Please do not start more than one topic for the same computer, during the same period. It will either be removed, closed or merged with your original thread.
    Please do not add logs from other scans.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Nov 2009
    Posts
    5

    Default Virtumonde Help

    I'm a new Post-it, guess i'm lost, I need help with this dang thing. Please tell me where to start. Have run sypbot and it shuts down when it find Virtumonde. I will try to do better with the post Thank dueyp

    Edit
    Your open topic is here:
    http://forums.spybot.info/showthread.php?t=53245
    Last edited by tashi; 2009-11-10 at 06:37. Reason: Merged two topics

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •